What is Trusted Cloud Computing?

Trusted computing is a broad term that refers to technologies and proposals for resolving
computer security problems through hardware enhancements and associated software
modifications.
Several major hardware manufacturers and software vendors, collectively known as the Trusted
Computing Group (TCG), are cooperating in this venture and have come up with specific plans.
The TCG develops and promotes specifications for the protection of computer resources from
threats posed by malicious entities without infringing on the rights of end users.
Trust and security have prevented businesses from fully accepting cloud platforms. To protect clouds,
providers must first secure virtualized datacenter resources, uphold user privacy, and preserve data
integrity. Trusted Cloud Computig in cloud platform ensures the confidentiality and integrity of
computations that are outsourced to IssS services.

Any 5 Server security issues including denial of service attack

Security and Privacy Issues in Cloud Computing

Data Integrity

Data integrity is one of the most critical elements in any information system.
 Generally, data integrity means protecting data from unauthorized deletion, modification, or
fabrication or we can say preserving information integrity.

Managing entity's admittance and rights to specific enterprise resources ensures that valuable
data and services are not abused, misappropriated, or stolen.

DB which support ACID can maintain data integrity.

The data should not be lost or modified by unauthorized users. Through RAID and Digital
Signature, we can also maintain data integrity.

Authorization is used to control the access of data.

It is the mechanism by which a system determines what level of access a particular

authenticated user should have to secure resources controlled by the system.

By avoiding the unauthorized access, organizations can achieve greater confidence in data
integrity.

Data Confidentiality

Data confidentiality is important for users to store their private or confidential data in the cloud.

Authentication and access control strategies are used to ensure data confidentiality.

The data confidentiality, authentication, and access control issues in cloud computing could
be addressed by increasing the cloud reliability and trustworthiness.
Data Availability

Data availability means the following:

when accidents such as hard disk damage, IDC fire, and network failures occur, the extent that
user's data can be used or recovered

and how the users verify their data by techniques rather than depending on the credit guarantee
by the cloud service provider alone.

 Reliable Storage Agreement

 Reliablity of Hard Drive
Data Privacy

Privacy is the ability of an individual or group to seclude themselves or information about

themselves and thereby reveal them selectively. Privacy has the following elements.

(i) When:

(ii) How:

(iii) Extent:

In the cloud, the privacy means when users visit the sensitive data, the cloud services
can prevent potential adversary from inferring the user's behavior by the user's visit
model (not direct data leakage).
 The privacy issues differ according to different cloud scenarios and can be divided into
four subcategories as follows:

(i) how to enable users to have control over their data when the data are stored
and processed in cloud and avoid theft, nefarious use, and unauthorized resale,

(ii) how to guarantee data replications in a jurisdiction and consistent state, where
replicating user data to multiple suitable locations is an usual choice, and avoid
data loss, leakage, and unauthorized modification or fabrication,

(iii) which party is responsible for ensuring legal requirements for personal
information,

(iv) to what extent cloud subcontractors are involved in processing which can be
properly identified, checked, and ascertained.

Service Abuse : User data may be abused by other users.

Deduplication technology has been widely used in the cloud storage, which means
that the same data often were stored once but shared by multiple different users

Attackers may lead to the cost increase of cloud service.

Fraudulent resource consumption is a kind of attack on the payment for cloud

service.

Attackers can consume the specific data to increase the cost for cloud service
payment.

Averting Attack :

The cloud computing facilitates huge amount of shared resources on the Internet.
Cloud systems should be capable of averting Denial of Service (DoS) attacks.

Idnetity Management

security threat increases when a trusted third party is involved.

By involving a trusted third party, there is a chance of heterogeneity of users which

affects security in the cloud.

A possible solution to this problem could be to use a trusted third party

independent approach for Identity Management to use identity data on untrusted
hosts.

Problems of data leakage and loss of privacy is a big challenge in cloud

computing.

Different levels of protections can be used to prevent data leakage and privacy
loss in the cloud.

Cloud computing provides new business services that are based on demand.

Cloud networks have been built through dynamic virtualization of hardware,

software, and datasets.

Cloud security infrastructure and the trust reputation management play a vital role
to upgrade the cloud services [55].

The Internet access security, server access security, program access security,
and database security are the main security issues in the cloud.

Any 4 security and privacy issues of cloud computing

 Data Breaches
 Hijacking of Accounts
 Insider Threat
 Malware Injection
 Abuse of cloud services
 Insecure APIs
 Denial of Service Attack
 Trust
 Confidentiality and Privacy
 Security Identification of Threats
 Integrity
 Availability
 Software Security
 Authentication
 Authorization
 NonRepudiation
 Privacy Breach
 Connection Flooding
 Shared Vurnabilities
 Insufficient Due Diligence
  Data Loss

https://www.cwps.com/blog/cloud-computing-security-issues
https://www.imperva.com/blog/top-10-cloud-security-concerns/

Distributed-Denial-of-Service Attacks. ...
Shared Cloud Computing Services. ...
Employee Negligence. ...
Data Loss and Inadequate Data Backups. ...
Phishing and Social Engineering Attacks. ...
System Vulnerabilities
Inability to maintain regulatory compliance
Inability to prevent malicious insider theft or misuse of data
Inability to monitor data in transit to and from cloud applications

Authentication and authorization

Authentication provides a way of identifying a user, typically by having

the user enter a valid user name and valid password before access is
granted. The process of authentication is based on each user having a
unique set of criteria for gaining access. The AAA server compares a
user's authentication credentials with other user credentials stored in a
database. If the credentials match, the user is granted access to the
network. If the credentials are at variance, authentication fails and network
access is denied.

Following authentication, a user must gain authorization for doing

certain tasks. After logging into a system, for instance, the user may try
to issue commands. The authorization process determines whether the
user has the authority to issue such commands. Simply put, authorization
is the process of enforcing policies: determining what types or qualities of
activities, resources, or services a user is permitted. Usually, authorization
occurs within the context of authentication. Once you have authenticated a
user, they may be authorized for different types of access or activity.

Digital identity and content level security in cloud computing

A digital identity is information on an entity used by computer systems to represent

an external agent. That agent may be a person, organization, application, or device.
ISO/IEC 24760-1 defines identity as "set of attributes related to an entity".

Every enterprise will have its own to control access to information and computing
resources. Cloud providers either integrate the customer’s identity management
system into their own infrastructure, using or technology, or a biometric-based
identification system, or provide an identity management system of their
own. Cloud ID, for instance, provides privacy-preserving cloud-based and cross-
enterprise biometric identification. It links the confidential information of the users
to their biometrics and stores it in an encrypted fashion. Making use of a searchable
encryption technique, biometric identification is performed in encrypted domain to
make sure that the cloud provider or potential attackers do not gain access to any
sensitive data or even the contents of the individual queries.

Content Level Security is a new security model has been described as “content or
information-centric.” What this means in reality is that the content that makes up
any given data object (for example, a Word docuent) is protected, as opposed to the
file – that is, the carrier of that information being protected. This subtle difference
in approach gives us a major advantage in terms of granularity and choice of
protection level, as well as persistence of protection.

Risk from multi tenancy

Many businesses still worry that storing data in the Cloud is not secure. One of
the main differences between a locally managed computing environment and a
cloud environment is the concept of multi-tenancy. Because data from different
customers is stored side by side on the same servers, there is some lingering
paranoia that “someone sharing my server can get at my data.” Multi-
tenancy is not a new concept but it is an integral part of secure cloud-based
applications and storage solutions. In fact, the largest cloud-based applications
like Salesforce.com have employed multi-tenancy for years with great success.

Single Tenancy

If I own a house and am the only occupant then I have a lock on the main outside
door to keep others out. This house could have many rooms, all secured by the
one outside lock. If I share this house with others then I need to give everyone a
key to the only lock so they can get into the house. Once inside the house, though,
all rooms can be accessed by everyone. What if these people are not all known to
me? I certainly would not want to give out too many keys as this is a security risk.

Multi-tenancy

Now, what if I own an apartment building? There may still be a main lock on the
outside of the building but inside there are many separate apartments, each with
its own entrance protected by a unique lock. This prevents other tenants from
entering an apartment that is not theirs. The owner of each individual apartment is
the only one with a key to their lock. Only the owner of the apartment can get
inside. Each apartment owner knows only about their own apartment and what is
inside. They know nothing about the other apartments or their contents.

Nevertheless, the million dollar question still remains. Is it secure?

Multi-tenancy in cloud means sharing of resources and services to run software

instances serving multiple consumers and client organizations (tenants). It means
physical resources (such as computing, networking, storage) and services are
shared, also the administrative functionality and support may also be shared. One
of the big driver for providers is to reduce cost by sharing and reusing resources
among tenants.
Multi-Tenancy has brought different arguments in Cloud Computing. While
software developers see it as an opportunity, security experts see it as
ulnerability Even though security experts agree that Multi- Tenancy is a
vulnerability that could lead to confidentiality being exposed, they vary in
providing the solution for such vulnerability.

Virtualization + Resource Sharing = Multi-Tenancy

Security Risks
1. Inadequate Logical Security Controls: Physical resources (CPU,
networking, storage/databases, application stack) are shared between
multiple tenants. That means dependence on logical segregation and
other controls to ensure that one tenant deliberately or inadvertently
can not interfere with the security ( confidentiality, integrity,
availability) of the other tenants.
2.
3. Malicious or Ignorant Tenants: If the provider has weaker logical controls
between tenants, a malicious or an ignorant tenant may reduce the security
posture of other tenants.
4. Shared Services can become single point of failure: If the provider has
not architected well the common services, they can easily become single
point of failure due to misuse or abuse by a tenant.
5. Uncoordinated Change Controls and Mis configurations: When multiple
tenants are sharing the underlying infrastructure all changes needs to be
well coordinated and tested .
6. Co-mingled Tenant Data : To reduce cost providers may be storing the
data from multiple tenants in same database table-spaces and backup
tapes. Data destruction can become a challenge in multi-tenancy especially
 if data is stored in the shared media (databases, backups, archives).
7. Performance Risks :One tenant’s heavy use of the service may impact the
quality of service provided to other tenants.
8. XaaS Specific Risks
1. SaaS: Multiple clients (tenants) may be sharing the same application
stack ( database, app/web servers, networking). That means the
data from multiple tenants may get stored in the same database,
may get backed up and archived together, may be moving on
common networking devices (unencrypted), and managed by
common application processes. This puts a heavy emphasis on
logical security built within the application to separate one tenant's
users from others.
2. PaaS: Platform stack is shared among the tenants. Vulnerability in
the platform stack can allow bleeding between tenants. Shared data
backups and archives.
3. IaaS: Cross Virtual machine attacks. Cross network traffic listening.
Co-residents with lower security posture, where they are less
concerned about keeping their hosts hardened and patched [5].
Especially when these hosts gets compromised and owned by the
attackers.

Countermeasure