Abstract
Cloud computing is expected to become a common solution for deploying applications thanks to its capacity to leverage developers from infrastructure management tasks, thus reducing the overall costs and services’ time to market. Several concerns prevent players’ entry in the cloud; security is arguably the most relevant one. Many factors have an impact on cloud security, but it is its multitenant nature that brings the newest and more challenging problems to cloud settings. Here, we analyze the security risks that multitenancy induces to the most established clouds, Infrastructure as a service clouds, and review the literature available to present the most relevant threats, state of the art of solutions that address some of the associated risks. A major conclusion of our analysis is that most reported systems employ access control and encryption techniques to secure the different elements present in a virtualized (multitenant) datacenter. Also, we analyze which are the open issues and challenges to be addressed by cloud systems in the security field.
Similar content being viewed by others
References
Owens CD (2010) Securing elasticity in the cloud. Commun ACM 53(6):46–51. http://10.1145/1743546.1743565
Vaquero L, Rodero-Merino L, Caceres J, Lindner M (2009) A break in the clouds: towards a cloud definition. ACM Comput Commun Rev 39(1): 50–55
Chen Y, Paxson V, Katz RH (2010) Whats new about cloud computing security. Tech. Rep. UCB/EECS-2010-5, EECS Department, University of California, Berkeley
Viega J (2009) Cloud computing and the common man. Computer 42: 106–108
Molnar D, Schechter S (2010) Self hosting vs. cloud hosting:accounting for the security impact of hosting in the cloud. In: Workshop on the economics of information security
CSA: Cloud security guide (2009) Tech. rep., cloud security alliance. http://www.cloudsecurityalliance.org/csaguide.pdf
ENISA: Cloud computing: Benefits, risks and recommendations for information security (2009) Tech rep., European Network and Information Security Agency
Archer J, Boheme A, Cullinarie D, Puhlmann N, Kurtz P, Reavis J (2010) Top threats to cloud computing. Tech. rep., Cloud Security Alliance. http://www.cloudsecurityalliance.org/topthreats
Lu W, Keahy K, Freeman T, Siebenlist F (2005) Making your workspace secure: establishing trust with vms in the grid super computing. In: Supercomputing. Poster
Calder B, Chien AA, Wang J, Yang D (2005) The entropia virtual machine for desktop grids. In: VEE ’05: Proceedings of the 1st ACM/USENIX international conference on virtual execution environments, pp 186–196. ACM, New York, NY, USA. http://doi.acm.org/10.1145/1064979.1065005
Suzaki K, Yagi T, Iijima K, Quynh NA (2007) Os circular: internet client for reference. In: LISA’07: Proceedings of the 21st conference on large installation system administration conference, pp 1–12. USENIX Association, Berkeley, CA, USA
Jinpeng W, Xiaolan Z, Glenn A, Vasanth B, Peng N (2009) Managing security of virtual machine images in a cloud environment. In: CCSW ’09: Proceedings of the 2009 ACM workshop on Cloud computing security, pp 91–96. ACM, New York, NY, USA. http://doi.acm.org/10.1145/1655008.1655021
Constandache I, Yumerefendi A, Chase J (2008) Secure control of portable images in a virtual computing utility. In: VMSec ’08: Proceedings of the 1st ACM workshop on virtual machine security, pp 1–8. ACM, New York, NY, USA. http://doi.acm.org/10.1145/1456482.1456484
Descher M, Masser P, Feilhauer T, Tjoa AM, Huemer D (2009) Retaining data control to the client in infrastructure clouds. In: Availability, reliability and security, international conference on 0:9–16. http://doi.ieeecomputersociety.org/10.1109/ARES.2009.78
Baldwin A, Dalton C, Shiu S, Kostienko K, Rajpoot Q (2009) Providing secure services for a virtual infrastructure. SIGOPS Oper Syst Rev 43(1):44–51. http://doi.acm.org/10.1145/1496909.1496919
Raj H, Schwan K (2009) Extending virtualization services with trust guarantees via behavioral monitoring. In: VDTS ’09: Proceedings of the 1st EuroSys workshop on virtualization technology for dependable systems, pp 24–29. ACM, New York, NY, USA. http://doi.acm.org/10.1145/1518684.1518689
Baiardi F, Sgandurra D (2007) Building trustworthy intrusion detection through vm introspection. In: IAS ’07: Proceedings of the third international symposium on information assurance and security, pp 209–214. IEEE Computer Society, Washington, DC, USA. http://dx.doi.org/10.1109/IAS.2007.25
Garfinkel T, Rosenblum M (2003) A virtual machine introspection based architecture for intrusion detection. In: Proceedings on network and distributed systems security symposium, pp 191–206
Sala G, Sgandurra D, Baiardi F (2007) Security and integrity of a distributed storage in a virtual environment. In: Proceedings of 4th international IEEE security in storage workshop, pp 58–69
Perez R, van Doorn L, Sailer R (2008) Virtualization and hardware-based security. IEEE Secur Privacy 6(5):24–31. http://dx.doi.org/10.1109/MSP.2008.135
Aoyagi S, Oikawa S (2008) Ixiv vmm: a vmm on 2-level ring architecture. In: Computer and information technology, IEEE 8th international conference on 0:533–538. http://doi.ieeecomputersociety.org/10.1109/CIT.2008.Workshops.62
Sailer R, Jaeger T, Valdez E, Caceres R, Perez R, Berger S, Griffin JL, Doorn Lv (2005) Building a mac-based security architecture for the xen open-source hypervisor. In: ACSAC ’05: Proceedings of the 21st annual computer security applications conference, pp 276–285. IEEE Computer Society, Washington, DC, USA. http://dx.doi.org/10.1109/CSAC.2005.13
McCune JM, Parno BJ, Perrig A, Reiter MK, Isozaki H (2008) Flicker: an execution infrastructure for tcb minimization. In: Eurosys08: Proceedings of the 3rd ACM SIGOPS/EuroSys European conference on computer systems 2008, pp 315–328. ACM, New York, NY, USA
Carpenter M, Liston T, Skoudis E (2007) Hiding virtualization from attackers and malware. IEEE Secur Privacy 5: 62–65
Okamura K, Oyama Y (2010) Load-based covert channels between xen virtual machines. In: SAC ’10: Proceedings of the 2010 ACM symposium on applied computing, pp 173–180. ACM, New York, NY, USA. http://doi.acm.org/10.1145/1774088.1774125
Tromer E, Osvik DA, Shamir A (2009) Efficient cache attacks on aes, and countermeasures. J Cryptol 23(1): 37–71
Kocher PC (1996) Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In: CRYPTO ’96: Proceedings of the 16th annual international cryptology conference on advances in cryptology, pp 104–113. Springer, London, UK
Aviram A, Hu S, Ford B, Gummadi R (2010) Determinating timing channels in statistically multiplexed clouds. CoRR abs/1003.5303
Dunlap GW, Lucchetti DG, Fetterman MA, Chen PM (2008) Execution replay of multiprocessor virtual machines. In: VEE ’08: Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on virtual execution environments, pp 121–130. ACM, New York, NY, USA. http://doi.acm.org/10.1145/1346256.1346273
Karger PA, Safford DR (2008) I/o for virtual machine monitors: Security and performance issues. IEEE Secur Privacy 6(5):16–23. http://dx.doi.org/10.1109/MSP.2008.119
Wang Z, Jiang X (2010) Hypersafe: A lightweight approach to provide lifetime hypervisor control-flow integrity. In: 31st IEEE symposium on security and privacy
Murray D, Milos G, Hand S (2008) Improving xen security through disaggregation. In: 4th ACM SIGPLAN/SIGOPS international conference on virtual execution environments, pp 151–160
Karger PA (2005) Multi-level security requirements for hypervisors. In: ACSAC ’05: Proceedings of the 21st annual computer security applications conference, pp 267–275. IEEE Computer Society, Washington, DC, USA. http://dx.doi.org/10.1109/CSAC.2005.41
Wen-Zhi C, Hong-Wei Z, Wei H (2008) Sevmm: Vmm-based security control model. In: Proceedings of cyberworlds, international conference on 0:820–823. http://doi.ieeecomputersociety.org/10.1109/CW.2008.110
Garfinkel T, Pfaff B, Chow J, Rosenblum M, Boneh D (2003) Terra: a virtual machine-based platform for trusted computing. In: Proceedings of the nineteenth ACM symposium on operating systems principles, pp 193–206. ACM Press
Hirano M, Shinagawa T, Eiraku H, Hasegawa S, Omote K, Tanimoto K, Horie T, Kato K, Okuda T, Kawai E, Yamaguchi S (2008) Introducing role-based access control to a secure virtual machine monitor: security policy enforcement mechanism for distributed computers. In: Asia-Pacific conference on services computing. 2006 IEEE 0:1225–1230. http://doi.ieeecomputersociety.org/10.1109/APSCC.2008.14
Rueda S, Vijayakumar H, Jaeger T (2009) Analysis of virtual machine system policies. In: SACMAT ’09: Proceedings of the 14th ACM symposium on access control models and technologies, pp 227–236. ACM, New York, NY, USA. http://doi.acm.org/10.1145/1542207.1542243
Ristenpart T, Tromer E, Shacham H, Savage S (2009) Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: ACM conference on computer and communications security
Keller E, Szefer J, Rexford J, Lee R (2010) Nohype: virtualized cloud infrastructure without the virtualization. In: ISCA ’10: Proceedings of the international symposium on computer architecture
Ruan A, Shen Q, Yin Y (2008) A generalized trusted virtualized platform architecture. In: Young computer scientists, international conference for 0:2340–2346. http://doi.ieeecomputersociety.org/10.1109/ICYCS.2008.508
Berger S, Cáceres R, Goldman KA, Perez R, Sailer R, van Doorn L (2006) vtpm: virtualizing the trusted platform module. In: USENIX-SS’06: Proceedings of the 15th conference on USENIX security symposium. USENIX Association, Berkeley, CA, USA
Gebhardt C, Tomlinson A (2008) Secure virtual disk images for grid computing. In: APTC ’08: Proceedings of the 2008 Third Asia-Pacific trusted infrastructure technologies conference, pp 19–29. IEEE Computer Society, Washington, DC, USA. http://dx.doi.org/10.1109/APTC.2008.17
Lioy A, Ramunno G, Vernizzi D (2009) Trusted-computing technologies for the protection of critical information systems. J Inform Assur Secur 4: 449–457
Nuno Santos Krishna P, Gummadi RR (2009) Towards trusted cloud computing. In: Hot Cloud. http://www.usenix.org/event/hotcloud09/tech/full_papers/santos.pdf
Cabuk S, Dalton CI, Ramasamy H, Schunter M (2007) Towards automated provisioning of secure virtualized networks. In: CCS ’07: Proceedings of the 14th ACM conference on computer and communications security, pp 235–245. ACM, New York, NY, USA. http://doi.acm.org/10.1145/1315245.1315275
Tarnovsky C (2010) Deconstructing a secure processor. In: Black hat briefings federal. http://www.blackhat.com/presentations/bhdc10/Tarnovsky_Chris/BlackHat%DC2010TarnovskyDASPslides.pdf
Iliev A, Smith SW (2005) Protecting client privacy with trusted computing at the server. IEEE Secur Privacy 3(2):20–28. http://dx.doi.org/10.1109/MSP.2005.49
Antonelli CJ, Undy M, Honeyman P (1999) The packet vault: secure storage of network data. In: ID’99: Proceedings of the 1st conference on workshop on intrusion detection and network monitoring, pp 11–11. USENIX Association, Berkeley, CA, USA
Parno B (2008) Bootstrapping trust in a “trusted” platform. In: HOTSEC’08: Proceedings of the 3rd conference on hot topics in security, pp 1–6. USENIX Association, Berkeley, CA, USA
The genesis kernel: a virtual network operating system for spawning network architectures (1999)
Barham P, Dragovic B, Fraser K, Hand S, Harris T, Ho A, Neugebauer R, Pratt I, Warfield A (2003) Xen and the art of virtualization. In: SOSP ’03: Proceedings of the nineteenth ACM symposium on operating systems principles, pp 164–177. ACM, New York, NY, USA. http://doi.acm.org/10.1145/945445.945462
Sundararaj AI, Dinda PA (2004) Towards virtual networks for virtual machine grid computing. In: VM’04: Proceedings of the 3rd conference on virtual machine research and technology symposium, pp 14–14. USENIX Association, Berkeley, CA, USA
Touch J (2001) Dynamic internet overlay deployment and management using the x-bone. Comput Netw 36(2–3):117–135. http://dx.doi.org/10.1016/S1389-1286(01)00172-4
Andersen D, Balakrishnan H, Kaashoek F, Morris R (2001) Resilient overlay networks. In: SOSP ’01: Proceedings of the eighteenth ACM symposium on operating systems principles, pp 131–145. ACM, New York, NY, USA. http://doi.acm.org/10.1145/502034.502048
Bavier A, Feamster N, Huang M, Peterson L, Rexford J (2006) In vini veritas: realistic and controlled network experimentation. In: SIGCOMM ’06: Proceedings of the 2006 conference on applications, technologies, architectures, and protocols for computer communications, pp 3–14. ACM, New York, NY, USA. http://doi.acm.org/10.1145/1159913.1159916
Davoli R (2005) Vde: Virtual distributed ethernet. In: TRIDENTCOM ’05: Proceedings of the first international conference on testbeds and research infrastructures for the DEvelopment of NeTworks and COMmunities, pp 213–220. IEEE Computer Society, Washington, DC, USA. http://dx.doi.org/10.1109/TRIDNT.2005.38
Dalton C (2005) Xen virtualization and security. Tech. rep., HP Security Office
Housley R (2002) Rfc 3378. etherip: Tunneling ethernet frames in ip datagrams. RFC. http://www.faqs.org/rfcs/rfc3378.html
Sundararaj AI, Gupta A, Dinda PA (2004) Dynamic topology adaptation of virtual networks of virtual machines. In: LCR ’04: Proceedings of the 7th workshop on workshop on languages, compilers, and run-time support for scalable systems, pp 1–8. ACM, New York, NY, USA. http://doi.acm.org/10.1145/1066650.1066665
Jiang X, Xu D (2003) Violin: Virtual internetworking on overlay infrastructure. In: Proceedings of the 2nd international symposium on parallel and distributed processing and applications, pp 937–946. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.2.4260
Primet PVB, Gelas JP, Mornard O, Koslovski G, Roca V, Giraud L, Montagnat J, Huu TT (2009) A scalable security model for enabling dynamic virtual private execution infrastructures on the internet. In: CCGRID ’09: Proceedings of the 2009 9th IEEE/ACM international symposium on cluster computing and the grid, pp 348–355. IEEE Computer Society, Washington, DC, USA. http://dx.doi.org/10.1109/CCGRID.2009.76
Mather T, Kumaraswamy S, Latif S (2009) Cloud security and privacy: an enterprise perspective on risks and compliance. O’Reailly Media, Sebastopol, CA, USA
Soltesz S, Potzl H, Pluczynski M, Bavier A, Peterson L (2007) Copntainer-based operating system virtualization: A scalablem hig-performance alternative to hypervisors. In: Eurosys, pp 275–287
Jensen M, Schwenk J, Gruschka N, LoIacono L (2009) On technical security issues in cloud computing. Cloud Computing. In: IEEE international conference on 0:109–116
Casado M, Freedman MJ, Pettit J, Luo J, McKeown N, Shenker S (2007) Ethane: taking control of the enterprise. SIGCOMM Comput Commun Rev 37(4):1–12. http://doi.acm.org/10.1145/1282427.1282382
Bernstein D, Ludvigson E (2009) Networking challenges and resultant approaches for large scale cloud construction.In: Grid and pervasive computing conference, workshops at the 0:136–142. http://doi.ieeecomputersociety.org/10.1109/GPC.2009.10
Pffaf B, Pettit J, Koponen T, Anidon K, Casado M, Shenker S (2009) Extending networking into the virtualization layer. In: ACM SIGCOMM’s hot topics in networks (HotNets) workshops. http://conferences.sigcomm.org/hotnets/2009/papers/hotnets2009-final143.pdf
Rodero-Merino L, Vaquero LM, Gil V, Galán F, Fontán J, Montero RS, Llorente IM (2010) From infrastructure delivery to service management in clouds. Future Gen Comput Syst 26(8): 1226–1240
Jaquith A (2007) Security metrics: replacing fear, uncertainty, and doubt. Addison-Wesley Professional, Reading
Verendel V (2009) Quantified security is a weak hypothesis: a critical survey of results and assumptions. In: NSPW ’09: Proceedings of the 2009 workshop on new security paradigms workshop, pp 37–50. ACM, New York, NY, USA. http://doi.acm.org/10.1145/1719030.1719036
Krautsevich L, Martinelli F, Yautsiukhin A (2010) Formal approach to security metrics.: what does “more secure” mean for you? In: ECSA ’10: Proceedings of the fourth European conference on software architecture, pp 162–169. ACM, New York, NY, USA. http://doi.acm.org/10.1145/1842752.1842787
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Vaquero, L.M., Rodero-Merino, L. & Morán, D. Locking the sky: a survey on IaaS cloud security. Computing 91, 93–118 (2011). https://doi.org/10.1007/s00607-010-0140-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00607-010-0140-x