ABSTRACT
Cloud computing uses parallel, high-performance processors to deliver services virtually and remotely. This is an important factor for enterprises whose processing resources are limited and who are constrained in manpower and data storage. This notwithstanding, cloud computing faces a serious threat in the area of data security. Attackers have become very opportunistic and look for any slight loophole that will enable them to bypass server security within the cloud computing environment. It is thus important to come up with a systematic approach that can help in identifying the vulnerabilities and threats in order to ensure that the data is not accessed by any unauthorized persons. This paper reviewed some of the systematic approaches aimed at threat modelling and vulnerability checking and found none capable of managing these threats in the cloud computing environment. The researchers of this paper therefore came up with a viable model that fills this gap and can identify the threats and the vulnerabilities in the cloud computing environment. The proposed model can also help the organization to analyze the security risks when using cloud computing services.
INTRODUCTION
One of the advantages of cloud computing is that it can deliver on-demand services. It does this by reducing the amount of capital that is invested in infrastructure and then maximizing the use of the resources that are available. The technology employed in cloud computing creates service mobility in the infrastructure and provides independence from the hardware platform in connection with the existing networking applications (Demchenko et al., 2012). Security has always been cited by the IT industry as the most critical issue that inhibits the growth of the cloud computing environment. Thus, it is important that threats, vulnerabilities and risks are thoroughly analyzed in order to curb the security threat in the cloud computing environment. To do this effectively, threat modelling is employed, since it can systematically provide the integrity and confidentiality required to deploy security in the cloud computing field. Threat modelling is capable of collecting the background information that is needed in terms of the frequency of usage, assumptions for implementation, and external dependencies, together with details of both internal and external security implementation strategies (Malik et al., 2008). There exist a number of threat modelling techniques that are used to evaluate and analyze vulnerabilities and threats, but they have not done much to subdue the problem. This paper thus takes the opportunity to fill the gap.
MATERIALS AND METHODS
Cloud computing security issues
This research first takes a look at the meaning of threats and vulnerability in order to understand the security issues that come with them. A threat is unauthorized access into an organization’s system that may lead to damage of the information stored therein. A vulnerability is a shortcoming in the system security of an organization due to the absence of secure internal control methods, which allows room for unauthorized persons to access the organization’s information without permission (Bertino et al., 2010).
Cloud computing threats
Security guidance has been developed by the Cloud Security Alliance (CSA), a global alliance that is responsible for threat control and management in the cloud computing environment (Soares et al., 2013). That guidance points out the following as the main threats in cloud computing:

Data leakage or loss: This is considered the most critical threat for organizations by CSA. Such a threat may result from deletion of data held by the service provider in unforeseen accidents such as a fire outbreak. This threat can lead to the permanent loss of data by the customer.

Hijacking of account or service: This threat enables the hijackers to access vital information that the organization would have wished to keep secret. The organization should therefore consider using strong authentication techniques so that its cloud computing services remain secure. In addition, the organization will do well to limit the number of those who have access to its vital credentials, which directly relate to the security of its data.

Insecure interface: The interfaces that cloud computing customers use, such as Application Programming Interfaces (APIs) and software interfaces, are prone to threats due to the lack of strong authentication techniques that would help to secure computing services from continual attacks.

Service denial: This threat is known as Distributed Denial of Service (DDoS) and is considered by the CSA to be the major security threat to the reliability of an organization’s cloud services that are publicly shared. This attack denies users access to the data and the desired applications.

Malicious insider: This threat originates from within the organization, whereby an authorized employee or an administrator who is legally allowed to access the data damages the system. This threat results in a loss of confidentiality and integrity of the organization to its clients.

Data breaches: This is the unauthorized access of the organization’s data by its competitors. This threat can be reduced by the use of data encryption, but care should be taken in handling the encryption key, because if it is lost the organization will lose all its data.

Misuse of cloud services: Since violations of the registration requirements have not been met with the full force of the law, attackers have continued to take advantage of the situation and leverage data from organizations without any permission, so long as they have valid credit cards (Hamza et al., 2013).

Lack of enough diligence: Most organizations rush the move to cloud computing because they want to reduce cost and to access a variety of resources. In the process, they fail to understand the environment in which the cloud service would operate, and subject themselves to the risks that come with the failure to understand the cloud service provider environment.

Insecure VM migration: Different VMs are migrated during federated and hybrid clouds. Attackers take advantage of this insecure process and illegally access data that enables them to transfer a VM to other hosts which are not trusted (Hashizume et al., 2013).
Cloud computing vulnerability
Vulnerability is defined as the probability of an asset to fail to resist a threat. This study considers a number of indicators of cloud-specific vulnerabilities, as below.

Session riding: this is the sending of commands to the web by hackers in an attempt to acquire data illegally.

Virtual Machine escape: the act of attackers running code on the VM so as to break out of the operating system.

Obsolete cryptography: this is the failure to develop strong encryption, or the omission of encryption altogether. A stronger algorithm is thus needed for encrypting the data so that attackers cannot decode the information therein.

Access to management interface by unauthorized persons: this kind of vulnerability gives attackers full control of the applications and of the users at large.

Internet protocol: due to the lack of authentication methods other than the base protocol designs, attackers get the opportunity to inject their infectious traffic into the network. In addition, other protocols such as IP, UDP and TCP are all prone to denial of service attacks that range from session hijacking to cache poisoning.

Data recovery: cloud computing allows room for allocation and relocation of resources by a variety of users. This could lead to the stealing of data and to data breaches, together with other threats leading to data insecurity. Most organizations prefer using third-party vendors in data recovery. This in turn poses a security risk between them and other external companies.

Metering and billing: cloud computing is able to meter and measure services including processing, storage and user accounts. The vulnerabilities that come with this include the treatment of billing and metering data and the illusion of billing.

Vendor lock-in: in this situation, the cloud user depends on only one vendor and cannot deal with another service provider. Any attempt by the cloud user to deal with another service provider leads to inconvenience. This is because such users lack standards of operation which they should set for themselves. The proposed model is capable of solving this lack by setting up user standards of operation.

MODEL DISCUSSION
Proposed model to curb the threat
The model to be used in curbing the threats consists of four major steps which are further divided into their sub-steps. Step one involves identifying assets and then categorizing the person or the program that has illegally accessed that asset. Step two deals with the ability of the service provider to avail literal requirements of the user. Here, unique threats are identified and ways are devised in order to deal with the threats.
Threat models already in existence
Properties of threat modeling | Microsoft | TAM | PTA | Personal network | Pervasive computing | Proposed model
Ability to identify assets | yes | no | yes | yes | yes | yes
Able to establish user roles | no | no | no | no | no | yes
Identify security domain | no | no | no | no | yes | yes
Trustworthy establishment | no | no | no | no | yes | yes
Can scan security domain | no | no | no | no | no | yes
Threat identification | yes | yes | yes | yes | yes | yes
Vulnerability identification | no | no | yes | yes | yes | yes
Countermeasure action | no | no | no | no | yes | yes
Threat ranking | yes | yes | yes | yes | yes | yes
Vulnerability ranking | no | no | yes | no | no | yes
Ability to define new threats, vulnerabilities or assets | no | no | no | no | yes | yes
Source: Hashizume et al. (2013).
The table above compares the models that are already in existence with the proposed model. The analysis from the table shows that the existing models lack the ability to deal fully with the threats and the vulnerabilities, a lack which is supplied by the proposed model. Thus it is only this proposed model that is able to solve all the above threats completely.
The diagram below shows the proposed model and its subsections.
Figure 1: Proposed model for cloud computing. Source: Hashizume et al. (2013).
Step three, which is the final step, is to present the rating of the system in order to unearth additional threats and vulnerabilities.
Identification of the assets
In the field of IT, an asset is data, hardware or software that the company owns and uses to run its activities. It is the role of the organization to ensure that only authorized persons have access to these assets, and that the assets are configured using the very latest security encryption technology in order to secure them against threats and vulnerabilities. For the organization to properly protect its systems from malicious attacks, it has to know the machine location and the operation of the enterprise machine itself, since most unauthorized access takes place during configuration management. As such, the organization can use efficient and feasible asset management tools (SAM) in order to effectively analyze its own hardware, software and data. In the proposed model above, the subsections suggest a framework for discovering and monitoring the assets.
Asset classification
In this step, the above model helps to define, identify and classify the assets that are prone to damage by threats and therefore need protection. These assets are categorized on the basis of their value, which is measured by considering the loss of confidentiality, integrity and availability. Asset classification is beneficial to the organization since it can manage and store the company's data in accordance with the data's sensitivity and also determine the risks beforehand. For example, a company has the following: computing resources (CPU, storage or memory), personal information of its customers, an encryption key, and applications. All of these can be classified into different trust levels, values and costs of damage. The importance of this classification is well understood by most organizations, but the priorities of asset classification differ in each organization. The following categories of assets consist of the most important data that every organization needs to protect in order to achieve its ultimate targets. First is private information: this data is threatened by unauthorized persons who want to extract and collect information that the company considers private and confidential. These persons use fake registration data. The proposed model offers a solution: deploying manager applications for private information can help the company to preserve the confidentiality, integrity and availability of its data.
Figure 2: Threats offending private data. Source: McRee (2008).
Second is the financial asset. The development of e-commerce has increased data sharing by interested users. However, this free trading with unguarded security has led to uncontrolled data threats from one user to another. Attackers access the financial assets by releasing cyber threats. For example, the major cyber threats are DDoS and phishing attacks. Using these, attackers are able to steal passwords, credit card numbers, bank account information and other confidential company information. However, if the company considers using the above threat model, it will help to protect its data from online theft, since the model is capable of encrypting all the financial assets of the enterprise (McRee, 2008).

Third is the computing and network asset: this is an entity asset that is able to create, sustain, or destroy value at any given life-cycle stage (Amadi-Echendu, 2004). Analysis of the devices of the actual network, or tangible assets such as a desktop computer, switch, router, server and data centre, and the provision of their security controls are essential for any company to succeed in protecting its systems from malicious insider threats and from any other attack which targets physical assets in order to damage them severely. The network asset management in the above proposed model is able to manage risks and threats, increase system reliability and reduce cost.

Finally is the application asset. Applications are used in storing, processing and transferring valuable information of the enterprise. It is therefore of vital importance for enterprises to ensure that application development is very secure. The above model has an application threat feature that is able to monitor attackers on the application sector and then manage such risks and threats. In this application modeling, each application uses separate data, which allows the organization to monitor the risk closely, separately and effectively and to apply the expected security. This hybrid model proposes a combination of both numerical estimations and CVSS rating in order to estimate the degree of influence that the threats and vulnerabilities have on the global network (Zhao et al., 2011). When dynamic environments are developed, it is easier to estimate vulnerability and aggregate the model with high-rating techniques, thus providing precise measurements of threats, which in turn become economical and efficient.
Establishment of the user’s roles
When cloud computing is done by allowing flexibility of access, providing ubiquity of data and relicensing, users have the opportunity to access their required service at any time and in any place and then pay according to their data usage (Ryan, 2013). This notwithstanding, users' roles should be established, with secure authentication and the enhanced mechanisms for access control and authorization that are necessary to improve data availability, integrity and confidentiality. In the current technological development, banks and other firms reach most of their users through the internet. It is thus important for such firms to come up with techniques such as Role Based Access Control (RBAC) in order to assign each user a manual secret code that would help enhance data security. RBAC assigns users to the organization’s roles, defines their privileges and benefits, and supports the security policies governing the users (Takabi et al., 2007).
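The following added example (not taken from the paper or from Takabi et al.) shows role-based access control with deny-by-default checks, role inheritance and a separation-of-duty constraint. The bank-style roles, permissions and user names are assumptions made for the illustration.

```python
# Constructed policy for a bank-style tenant; every role, permission and
# user name here is an assumption made for the example.
ROLE_PERMS = {
    "customer": {"account:read"},
    "teller": {"account:read", "payment:create"},
    "approver": {"account:read", "payment:approve"},
    "auditor": {"audit-log:read"},
    "branch-manager": {"report:read"},
}
INHERITS = {"branch-manager": {"teller"}}       # senior role -> junior roles
SEPARATION_OF_DUTY = [{"teller", "approver"}]   # roles one user may not combine


def expand(roles):
    """Return the given roles plus every junior role they inherit."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(INHERITS.get(role, ()))
    return seen


class AccessControl:
    def __init__(self):
        self.assignments = {}   # user -> set of directly assigned roles

    def assign(self, user, role):
        """Grant a role unless it is unknown or breaks separation of duty."""
        if role not in ROLE_PERMS:
            raise ValueError(f"unknown role: {role}")
        proposed = expand(self.assignments.get(user, set()) | {role})
        for conflict in SEPARATION_OF_DUTY:
            if conflict <= proposed:   # inherited roles count as well
                raise PermissionError(f"{user}: {sorted(conflict)} conflict")
        self.assignments.setdefault(user, set()).add(role)

    def allowed(self, user, permission):
        """Deny by default: True only if some effective role grants it."""
        roles = expand(self.assignments.get(user, ()))
        return any(permission in ROLE_PERMS.get(r, ()) for r in roles)


if __name__ == "__main__":
    ac = AccessControl()
    ac.assign("alice", "teller")
    ac.assign("bob", "branch-manager")
    print(ac.allowed("alice", "payment:create"))    # granted by the teller role
    print(ac.allowed("alice", "payment:approve"))   # no role grants this
    print(ac.allowed("bob", "payment:create"))      # inherited from teller
    try:
        ac.assign("bob", "approver")                # would combine teller + approver
    except PermissionError as exc:
        print("refused:", exc)
```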
CONCLUSION
This study has undertaken a review of the existing approaches to threat modeling and analyzed the weaknesses that lie in them. The study has then proposed a threat model that is able to take care of these weaknesses and provide a viable way of managing the threats. The proposed model gives the organization room to identify possible threats and vulnerabilities, carry out countermeasure justification and then document the security risks which are most affected. The proposed model is different from the other existing models in that it is not based on predefined threats; instead, this novel model is able to define threats. It is thus flexible, unlike the other static models which only deal with the expected threats. This research has also endeavored to expand a novel model which is dynamic and which respects the essence of the cloud as being very reliable, scalable, mobile and flexible. If we consider cloud computing in IT companies, we would realize that it is the most innovative and leading strategy and is likely to attract much of the customer’s attention. It is thus necessary to implement threat models like the one developed in this paper in order to satisfy the needs of cloud users and service providers in relation to the underlying cloud computing security threats that they face.
REFERENCES
Amadi-Echendu. (2004). Managing physical assets is a paradigm shift from maintenance. Proceedings of the IEEE International Engineering Management Conference, Volume 3, October 18-21, 2004 (pp. 1156-1160). Singapore.
Bertino, E. L., Martino, F. Paci & Squicciarini, A. (2010). Security for Web Services and Service-Oriented Architectures. p. 226. New York, USA: Springer.
Demchenko, Y. C., Ngo, M. X., Makkes, R. S. & Laat, de C. (2012). Defining internal cloud architecture for interoperability and integration. Proceedings of the 3rd International Conference on Cloud Computing, GRIDs and Virtualization, July 22-27, 2012 (pp. 174-180). Nice, France.
Hamza, Y. A. & Omar, M. D. (2013). Cloud computing security: Abuse and nefarious use of cloud computing. International Journal of Computer Engineering Res., 3, 22-27.
Hashizume, K. D. G., Rosando, E., Fernandez-Medina & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of Internet Services Application, 4-5.
Malik, N. A., Javed, M. Y. & Mahmud, U. (2008). Threat modeling in pervasive computing paradigm. Proceedings of the Mobility and Security, New Technologies, November 5-7, 2008 (pp. 1-5). Tangier.
McRee, R. (2008). PTA: Practical threat analysis. Information Systems Security Association, pp. 37-40.
Ryan, M. D. (2013). Cloud computing security: The scientific challenge and a survey of solutions. Journal of System Software, 86, 2263-2268.
Soares, L. F. B., Fernandes, D. A. B., Freire, M. M. & Inacio, P. R. M. (2013). Secure user authentication in cloud computing management interfaces. Proceedings of the IEEE 32nd International Performance Computing and Communications Conference, December 6-8, 2013 (pp. 1-2). San Diego, CA, USA.
Takabi, H., Amini, M. & Jalili, R. (2007). Trust-based user role assignment in role based access control. Proceedings of the IEEE/ACS International Conference on Computer Systems and Applications, May 13-16, 2007 (pp. 807-814). Amman.
Zhao, F., Huang, H., Jin, H. & Zhang, Q. (2011). A hybrid ranking approach to estimate vulnerability for dynamic attacks. Computer and Mathematics Application, 62, 1.