
April 2013

Ensuring Cloud Security and Reliability


Confirmation of Candidature (PhD part-time)

University of Western Sydney, School of Computing, Engineering and Mathematics

By Farhad Ahamed

Supervisors: Dr. Seyed Shahrestani and Dr. Bahman Javadi


Contents

Abstract ........ 4
1. Introduction ........ 4
2. Research background ........ 5
   2.1. Zero-day exploitation ........ 6
   2.2. Cross site scripting issues ........ 7
   2.3. Distributed Denial of Service ........ 7
   2.4. Virtual machine image exploitation ........ 8
   2.5. Trust and information sharing concerns ........ 9
   2.6. Public Key Infrastructure related issue ........ 9
   2.7. Data centric security approach ........ 10
   2.8. Privacy homomorphism ........ 10
   2.9. Side channels and resource sharing issues ........ 11
   2.10. Energy efficiency and VM consolidation: Security concern ........ 12
3. Research questions ........ 13
4. Research methodology ........ 14
   4.1. Security oriented VM consolidation ........ 14
      4.1.1 Experimentation ........ 15
      4.1.2 Simulation ........ 15
   4.2. Side channels analysis for co-resident VMs ........ 15
      4.2.1 Experimentation ........ 15
      4.2.2 Statistical analysis ........ 15
5. Required resources ........ 16
6. Timeline ........ 16
7. Publishing plan ........ 17
8. Conclusion ........ 17
References ........ 18

Abstract
Cloud computing is a heterogeneous architecture that benefits from a range of technologies to provision several IT services. Although the benefits of these services to the scientific and business communities are obvious, ensuring effective and adequate security measures in the Cloud environment remains a challenge and a dominant concern for Cloud customers. As a result, the Cloud computing model has not been adopted widely to its full capacity. On the other hand, saving energy in large-scale data centers has gained considerable attention from the research community. Hence, Cloud providers consolidate virtual machines to use fewer physical machines and save power and operational cost. However, in this process they ignore security issues and trust among the customers. In fact, the distributed and multi-tenant nature of the Cloud computing paradigm increases risk and security vulnerabilities relating to resource monitoring, virtualization, side-channel threats, and denial of service. Considering these security issues, we aim to fill the existing research gap by (1) proposing security-oriented virtual machine consolidation and (2) mitigating the security threat that emerges from side channels in co-resident virtual machines in Cloud computing environments.

Keywords: Cloud computing security; VM consolidation; Side channel; VM security;

1. Introduction
Cloud computing is a heterogeneous architecture that benefits from a range of technologies to provision several IT services. There are five widely accepted characteristics common to Cloud systems that have been identified by the National Institute of Standards and Technology (NIST) [1]. These are on-demand self-service, broad network access and diversity of client devices, resource pooling, rapid elasticity, and measured service with the pay-per-use business model. Resource pooling allows Cloud providers to serve multi-tenant clients by managing resource utilization efficiently using virtualization, resource partitioning, and workload balancing. Rapid elasticity scales the needed resources in a dynamic manner. Other important features include heterogeneity on both the provider and client sides, and multi-provider services. Cloud computing is considered one of the major shifts in contemporary computing. The Internet, web applications, cluster computing, terminal services, and virtualization have all contributed to Cloud computing. They have set the grounds for remote service clients to utilize the distributed computing, resource sharing and pay-as-you-go models needed in the Cloud architecture [2]. Three major parts construct the bulk of services in Cloud computing environments [3, 2]. One part is referred to as Software-as-a-Service (SaaS). This service enables Cloud client machines to use software on a Cloud server as if it were within their local work environments. Platform-as-a-Service (PaaS) provides software development platforms for clients. This can reduce the overheads associated with maintenance and infrastructure. Infrastructure-as-a-Service (IaaS) is the third part. Essentially, IaaS provides software, hardware, and network resources as virtual but apparently on-demand services. Many of the attacks on Cloud systems relate to their distributed and shared environments.
These attacks are considered traditional network threats that have been inherited by Cloud environments. Denial of Service (DoS) attacks or Cross Site Scripting (CSS) threats are examples of this category [4]. On the other hand, some threats are specific to Cloud environments. These may for instance relate to the multi-tenant nature of the Cloud server or to the virtual machines (VMs) that form the basis of the Cloud computing paradigm [4]. In either of these cases, traditional cryptography and its evolutions play dominant roles in addressing the underlying challenges [5]. Clearly, the challenges in securing the Cloud and the potential solutions encompass many old and new ideas. These are very active research areas and the resulting publications can be overwhelming. In this document, we categorize the security challenges in the Cloud. We include the current research directions and, more importantly, determine the research areas in securing the Cloud. We also point out what will be our focus during the research. We discuss the background for this research in section 2. Then, we present the research questions in section 3. We provide the research methodology in section 4. An approximate timeline for the research is provided in section 5. Then, we outline the publishing plan in section 6. Finally, section 7 presents the concluding remarks.

2. Research background
The Cloud Security Alliance (CSA) has identified seven domains of security threat [6, 7]. Fig 1 summarizes these threat domains. Data integrity in the Cloud environment is also a challenge for Cloud service providers (CSP). Whether data travels within clusters, VMs, databases, or into third-party storage, data ownership should always remain attached to the end users, or they should have a mechanism to audit the data and verify the logs of data access. Encrypted data can provide these characteristics.

Figure 1. Cloud Security Alliance identified threat domains in Cloud computing

There is ongoing research to address how to perform operations on encrypted data without decrypting it. Additionally, further research is required to investigate how to sort and search over encrypted data and metadata. These are also discussed in later sections. Data security on remote resources with multiple shared users, security of network transmission protocols, encrypted information, and multiparty data or service provision are examples of conventional or more traditional security threats.

2.1. Zero-day exploitation


By manipulating conventional mechanisms or simply by exploiting the poorly designed Application Programming Interfaces (APIs) of Cloud software providers, attacks on the Cloud environment can be intensified. A poorly designed API may present another set of issues: such APIs usually lack security measures and can cause servers to crash, or they may grant execution privileges to unauthorized users [8]. Fig 2 is a summary of the major security threats that have been recently reported [9]. From this figure, it is clear that a large percentage of attacks are still in the category of traditional threats. The major attacks in this category, namely malware, CSS, and DoS, are discussed in the rest of this section. Malicious software (malware) refers to a range of hostile software that is intrusive by nature. Its variants have been considered to pose major threats since internetworking gained popularity. Despite various antivirus programs and firewall set-ups, sophisticated malware is still reported to gain access to various computing systems. For example, the recent attacks by Stuxnet and Flame have shown how vulnerable Cloud computing environments are to sophisticated malware [10, 11]. A zero-day exploit is an attack that takes advantage of a security vulnerability on the same day that it becomes commonly known. It is a process widely used by smart malware for spreading malicious code through a network. To mitigate the effects of such code, some providers offer a lightweight architecture that incrementally updates their clients' systems in near real time [12]. It needs to be noted that there is no known mechanism to identify the relevant security issues before the attack happens, in a proactive manner. There has been some progress in addressing these issues, for instance by analyzing the behavior of network users or by sophisticated intrusion detection systems, but research in this area is ongoing [13].

Figure 2. Major attack types on Cloud services


2.2. Cross site scripting issues


Some studies have indicated that attacks on web services constitute more than 60% of the total attempts at exploiting online vulnerabilities [14]. It has also been shown that injection flaws and cross-site scripting are among the most common liabilities of these services [15, 16]. This is further complicated by noting that some provider sites, like Amazon, use a Simple Object Access Protocol (SOAP) based Cloud control interface to monitor, add, and remove VM instances. SOAP provides for the exchange of structured information needed for the use of such web services and is reliant on XML. XML signature wrapping attacks on the public SOAP interface in the Cloud have been reported to cause the creation of new VM instances as well as the starting and stopping of existing VMs [17]. Code injection in web applications poses an ongoing threat due to immature coding and a lack of preventive measures [18]. To prevent injection flaws and cross-site scripting, automatic approaches to detect vulnerabilities have been suggested [19]. In these approaches, rather than modifying interpreters or compilers, a taint analysis of Cloud-related web applications that considers persistent storage, opaque objects and security policies is used.

2.3. Distributed Denial of Service


A botnet is a collection of compromised computers, or bots. Botnet operators may utilize Cloud resources to expand their network and processing power, posing a threat to the very shared resources they are using on the same host [20]. Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks on shared resources or on the Cloud server can have devastating impacts on the provisioning of Cloud services. Semantic and flooding DDoS attacks are well known and the associated risks are well researched [21]. Fraudulent Resource Consumption (FRC) attacks on Cloud servers are analogous to an application-layer DDoS attack. As the name implies, FRC attacks fraudulently consume bandwidth and other resources of the Cloud services, resulting in financial liabilities for the Cloud clients [22]. Utility computing in Cloud environments is particularly vulnerable to such attacks, where the attackers seek to exploit the utility pricing model to harm the victim financially. It has also been shown that DoS attacks on Cloud systems can cause the OS kernel to crash and, for some systems, the crash can be sustained at the VM level [23].

2.4. Virtual machine image exploitation


There are newer security concerns that are more specific to Clouds, for instance due to the inherent sharing of resources, virtualization, and other underlying technology-related issues. In the Cloud paradigm, virtualization and VMs are the basis of providing remote desktop capabilities. Some clients may require a large number of VMs to cover their development, integration, testing, and deployment needs. Obviously, the security protections of all these VMs need to be up to date to prevent security breaches and leaks. Given the scale of the task, this is a serious challenge [24]. Maintaining the integrity of saved images can also be a challenge for virtualization providers [25]. It has been demonstrated how a malicious insider can obtain passwords, cryptographic keys, files and other confidential data of Cloud users from the data stored in VMs [26].

In public Cloud environments, the data owner does not normally have full physical control over their data.

Figure 3. The required security characteristics surrounded by the security threats

To ensure the integrity of data, periodic audit is necessary. To address the growing concerns about the associated loss of control over private data hosted in the Cloud, an architecture for a secure data repository service, motivated by the smart power grid domain, has been proposed [27]. The system masks file names, user permissions, and access patterns while providing auditing capabilities with provable data updates. Providing and managing end-user access in the Cloud while enforcing the security policies is an ongoing research issue. If the security of a VM is compromised, the rest of the VM holders, at least those on the same physical machine, will be concerned. To monitor these attacks while preserving data privacy, a security and access management framework has been proposed [28]. A Cloud provider, CloudPassage, claims to be capable of securing servers across public, private and hybrid Clouds and of giving real-time detection for a wide range of security events and system states [29]. However, this type of monitoring requires autonomic intelligent alarm systems and self-defense capabilities.

2.5. Trust and information sharing concerns


A major issue in Cloud computing relates to establishing trust between the servers and the clients. Some argue that such trust relations must be formed dynamically [30]. Many services, like Google email, Orkut mail services, and some social networking services, use trust- or referral-based information filtering to protect mail servers from spammers [31]. In Cloud environments, it is not easy to establish trust when a server shares data with another server. This is particularly true when the source server does not have control over the destination server to enforce data sharing rules on that server [32]. In any case, it remains a challenge to enforce predefined security policies across servers and services. To ensure confidentiality and privacy in the Cloud, several issues need to be addressed [33]. These include the management of identities, credentials, privileges, cryptographic keys, and other security information.

2.6. Public Key Infrastructure related issue


Given the diversity of threats discussed in the previous parts, the classical security approaches lead to a focus on solutions based on encryption techniques. These techniques can be used for storing encrypted data on remote servers and sharing it with legitimate users or groups. Most encryption systems for secure transactions and communication over the Internet rely on PKI, either directly or indirectly. The functioning of PKI depends on trustworthy Certifying Authorities (CA). There are over 600 CAs around the globe [34]. Managing the trustworthiness of all these certificate-issuing authorities has become a major challenge in its own right. For instance, in 2011, the DigiNotar CA was compromised. They could not provide any information regarding the number of fraudulent certificates issued or about the nature of the data leakage [35]. To resolve the problem, major browsers blocked the DigiNotar CA, and all its clients had to revoke their certificates. A similar incident with Comodo, a major CA, raised concerns among the Cloud community [11, 16]. The incident occurred in late 2010, when the login credentials of a Comodo employee were compromised. Subsequently, fraudulent digital certificates for Cloud service providers like Google and Yahoo were generated. These resulted in many man-in-the-middle attacks using the fraudulent certificates over several months, with an unknown number of email accounts monitored. To minimize the impact of fraudulent certificates, the DNSSEC protocol has been introduced to mitigate the effects of the man-in-the-middle attack [11]. DNSSEC brings PKI and CAs down to the DNS level, protecting the local user. DNSSEC, on the other hand, does not provide any solution to DoS attacks. It actually makes the problem more complex by adding itself to the list of prime targets in the network.
Cross-certification and interoperability issues within the PKI infrastructure may lead to trust management chaos, as it is impractical to have a single trusted CA for all countries, domains and businesses [14, 36]. Revoking fraudulent certificates is not an easy task, as the Certificate Revocation List (CRL) is not maintained by all the involved parties due to the cost and processing overhead for their systems. There are suggestions that alternative authentication, confidentiality and privacy provisioning architectures that avoid PKI are needed [37, 38].

2.7. Data centric security approach


Another widely used approach is to encrypt the data with a symmetric key. This approach is not scalable. An extension of it, though, creates metadata from the information and sends semantics or keywords within the encrypted metadata. When the user gets a match on the encrypted metadata, the selected data is downloaded to the local machine. The data can only be decrypted if the user has the required key. Clearly, this approach avoids the overhead of unnecessarily decrypting the data to be searched [39]. To preserve data confidentiality on the Cloud, the data is encrypted in one way or another. Consequently, traditional data utilization services that are based on plain-text keyword search lose their usefulness. The data-centric approach is one way of overcoming this problem and providing access to legitimate users. The users get access to data encrypted with the secret key that is associated with the data itself. There are several issues with data sharing among applications hosted on Clouds based on this approach [22, 40]. Another approach to overcoming the problem is based on fuzzy keyword search over encrypted Cloud data using symmetric searchable encryption [41].

2.8. Privacy homomorphism


A more ambitious alternative that aims to achieve computation on encrypted data is referred to as a homomorphic encryption scheme [42]. Partial Homomorphic Encryption (PHE) generally provides for homomorphic addition or multiplication on ciphertext. Some useful applications that utilize PHE are becoming available [43-45]. An example of these applications is the use of additively homomorphic encryption to perform secure electronic voting [46]. Fully Homomorphic Encryption (FHE) can help with providing Secure Computing Outsourcing (SCO) [47, 48]. FHE has been shown to enable Turing machines to run algebraic operations on encrypted data without decrypting it [49]. Utilizing FHE, trust is not a prerequisite for allowing an entity to carry out computational operations on the data, because the operations are carried out on encrypted data and result in ciphertext. As such, public Cloud servers, for instance, can be employed without any concern about compromising data privacy or confidentiality [50]. Clearly, an efficient and fully homomorphic cryptosystem would be of substantial advantage for the outsourcing of private computations [47, 51]. That is a long time away. There have been some attempts to develop FHE systems; however, further theoretical improvement is required [52]. Several schemes have been proposed that aim to formulate a method for Somewhat Homomorphic Encryption (SWHE) first, and then apply bootstrapping techniques to decipher the text [53, 54, 48, 52, 55, 56]. FHE is not yet ready for building applications and requires extensive computation capabilities [57]. FHE operations on integers or using ideal lattices can be the target of a Chosen Ciphertext Attack (CCA) [58, 59]. Overcoming the CCA issue and avoiding bootstrapping are the essential requirements for FHE to prosper in provisioning SCO [60, 61].
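The additively homomorphic voting application mentioned above, worked through with a toy Paillier cryptosystem. This is an added example and not code from the proposal: the primes are constructed and far too small for real use, the vote encoding (one counter per candidate, base 100) is an assumption, and the point is that the tallying server multiplies ciphertexts without ever seeing a plaintext ballot.

```python
"""Toy Paillier additively homomorphic tally (illustrative; not the proposal's code)."""
import secrets
from math import gcd

# Constructed toy primes: chosen so the arithmetic stays readable, not for security.
P, Q = 104729, 104723


def _lcm(a, b):
    return a * b // gcd(a, b)


def _L(u, n):
    # Paillier's L function: L(u) = (u - 1) / n, exact for u = 1 mod n
    return (u - 1) // n


def keygen(p=P, q=Q):
    """Return the Paillier public key (n, g) and private key (lambda, mu)."""
    n = p * q
    lam = _lcm(p - 1, q - 1)
    g = n + 1  # standard choice when p and q have the same bit length
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)
    return (n, g), (lam, mu)


def encrypt(pk, m):
    """E(m) = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pk
    n2 = n * n
    while True:
        r = secrets.randbelow(n)
        if r > 0 and gcd(r, n) == 1:
            break
    return pow(g, m, n2) * pow(r, n, n2) % n2


def decrypt(pk, sk, c):
    """m = L(c^lambda mod n^2) * mu mod n."""
    n, _ = pk
    lam, mu = sk
    return _L(pow(c, lam, n * n), n) * mu % n


def add_ciphertexts(pk, c1, c2):
    """E(m1) * E(m2) mod n^2 is an encryption of m1 + m2: the additive homomorphism."""
    n, _ = pk
    return c1 * c2 % (n * n)


BASE = 100  # assumed upper bound on voters, so candidate counters never overlap


def encode_vote(candidate):
    """Candidate i is represented as BASE**i: one decimal 'slot' per candidate."""
    return BASE ** candidate


def cast_ballots(pk, choices):
    """Each voter encrypts their own ballot; the server only ever sees ciphertexts."""
    return [encrypt(pk, encode_vote(c)) for c in choices]


def tally(pk, sk, ballots, n_candidates):
    """The untrusted server aggregates blind; only the key holder decrypts the total."""
    acc = encrypt(pk, 0)
    for b in ballots:
        acc = add_ciphertexts(pk, acc, b)
    total = decrypt(pk, sk, acc)
    counts = []
    for _ in range(n_candidates):
        counts.append(total % BASE)
        total //= BASE
    return counts


if __name__ == "__main__":
    pk, sk = keygen()
    ballots = cast_ballots(pk, [0, 1, 2, 1, 1, 0])  # constructed sample election
    print(tally(pk, sk, ballots, 3))  # [2, 3, 1]
```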

2.9. Side channels and resource sharing issues


Side channels are a well-known phenomenon in electronics, used for cryptanalysis. In theory, if the attacker can get hold of the physical device, they can break into the device by discovering the secret key using a side-channel attack. Information leakage can occur when an attacker observes or interferes in the processing cycle of the server. Listening to electromagnetic emissions also reveals some raw information about the ongoing process. Constructing a successful side channel requires overcoming challenges including core migration, numerous sources of channel noise, and the difficulty of preempting the victim with sufficient frequency to extract fine-grained information from it. Cloud computing is capable of providing storage and processing power at lower cost than arranging for these locally. But as a side effect, this may benefit the so-called hacker community or occasional hackers [62]. Identity theft and stolen credit cards can help hackers register for Cloud resources under false identities. With the VM model and resource sharing in Cloud environments, their fraudulent monitoring is of concern. This may for example relate to observing CPU usage, caches and network activity, disk write timing, and in more serious cases, retrieving passwords or other information from the servers [63]. The security characteristics required from Cloud services and the surrounding attack types are shown in Fig. 3. A multi-tenant system is prone to disclosing CPU cache memory, timing analysis, and tracking of hardware resources. These can open the door to side channels that passively observe information, or to covert channels that actively send data [64, 65]. An attacker can detect the target VM in a server using techniques like measuring cache usage, load-based co-residence detection and estimating traffic rates on a network address [66]. When the target virtual instance and the malicious instance are in the same physical machine, monitoring the CPU, memory, network utilization, and other behavior patterns can lead to cross-VM information leakage. It has been proposed that new systems with a secure cache be designed to overcome some of these issues [67]. However, this is at a theoretical stage, and a vast number of servers are already dedicated to the Cloud with a shared CPU design. For our convenience in addressing Cloud security, side-channel attacks can roughly be categorized into three types [68]: time-driven side channels, access-driven side channels and trace-driven side channels. A time-driven side-channel attack is possible when the total execution time of cryptographic operations with a fixed key is influenced by the value of the key, e.g., due to the structure of the cryptographic implementation or due to system-level effects such as cache evictions. This influence can be exploited by an attacker who can measure such timings statistically to infer information about the key. A second class of side-channel attacks is trace-driven. These attacks continuously monitor some aspect of a device throughout a cryptographic operation, such as the device's power draw or electromagnetic emanations. The ability to monitor the device continuously makes these attacks quite powerful, but it typically requires physical proximity to the device, which we do not assume here. The third class of side-channel attack, of which ours (in the methodology) is an example, is an access-driven attack, in which the attacker runs a program on the system that is performing the cryptographic operation of interest.
The spy program observes usage of a shared architectural component, e.g., the data cache, instruction cache, floating-point multiplier, or branch-prediction cache, to learn information about the key. Recently, multiple research papers have reported exploiting the data cache to extract private keys [66, 68]. These attacks are considered asynchronous, meaning that they do not require the attacker to achieve precisely timed observations of the victim by actively triggering the victim's operations. They leverage CPUs with simultaneous multi-threading (SMT) or the ability to game operating system process schedulers; none was shown to work in symmetric multi-processing (SMP) settings.
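The time-driven class described above, reduced to its defining property (execution time that depends on secret data) with the hardened form beside it. This is an added example, not from the proposal. Because wall-clock timing in Python is noisy, each comparison reports the number of byte operations it performed, which is the quantity a timing attacker estimates statistically; the secret and guesses are constructed.

```python
"""Time-driven side channel in a tag/password check, and its constant-time fix.
Added illustration; 'work' stands in for the execution time an attacker would measure."""
import hmac
import secrets


def early_exit_compare(secret: bytes, guess: bytes):
    """Naive check that returns as soon as a byte differs.
    Returns (match, work), where work counts byte comparisons performed."""
    if len(secret) != len(guess):
        return False, 0
    work = 0
    for a, b in zip(secret, guess):
        work += 1
        if a != b:
            return False, work  # leak: work == matching-prefix length + 1
    return True, work


def constant_time_compare(secret: bytes, guess: bytes):
    """Hardened check: the work done never depends on where the bytes differ."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    work = 0
    for a, b in zip(secret, guess):
        work += 1
        diff |= a ^ b  # accumulate differences without branching on them
    return diff == 0, work


def work_profile(compare, secret: bytes):
    """Work observed for guesses sharing 0, 1, ..., len(secret) leading bytes
    with the secret. A flat profile means the timing channel is closed."""
    profile = []
    for k in range(len(secret) + 1):
        # agrees with the secret on the first k bytes, wrong on every byte after
        guess = secret[:k] + bytes((b + 1) & 0xFF for b in secret[k:])
        _, work = compare(secret, guess)
        profile.append(work)
    return profile


def leaks_prefix_length(compare, secret: bytes) -> bool:
    """True if the observed work varies with the matching-prefix length."""
    return len(set(work_profile(compare, secret))) > 1


if __name__ == "__main__":
    key = secrets.token_bytes(8)  # constructed secret
    print("early-exit   :", work_profile(early_exit_compare, key))      # [1, 2, ..., 8, 8]
    print("constant-time:", work_profile(constant_time_compare, key))   # [8, 8, ..., 8]
    # In production, use the standard library primitive rather than a hand-rolled loop.
    print(hmac.compare_digest(key, key))
```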

2.10. Energy efficiency and VM consolidation: Security concern


One of the major concerns in large-scale data centres is power consumption, so energy-efficient processing and Cloud infrastructure have drawn the attention of the research community. One PM can host many VMs. After consolidating VMs scattered across several PMs, some of the PMs can be powered off, which saves a considerable amount of energy. Therefore, VM consolidation offers cheaper computation and reduces energy and management overhead [69]. As a result, the practice of VM consolidation among Cloud providers has become popular and widespread [70]. As mentioned earlier, co-resident VMs pose the threat of a secret key being stolen from a cryptographic process. On the other hand, it would be beneficial for Cloud providers to have a security strategy for consolidating the VMs. Therefore, it is necessary to employ software-centric security to reduce the security risk of VM consolidation. There are knowledge-based network vulnerability tools (Snort, OpenVAS) that are used for intrusion detection systems (IDS) and intrusion prevention systems (IPS) [71]. These tools focus on the victim to eliminate the threat. However, there is a research gap in focusing on the attacker while it is launching an attack or probing in preparation for one. A suspected attack can be identified by analysing resource consumption behaviour, network probing, attack signatures, etc. There has been some work on identifying signature-based attacks to develop IDS and IPS [13]. Essentially, data mining and pattern recognition techniques are used to develop algorithms that recognize malware attacks.


3. Research questions
In this section, we discuss the research questions. Based on the classification of threats in Cloud computing presented in section 2, our research falls within the shared-technology issues of the Cloud computing environment. In the following, we explain the details of the research questions:

1. Power consumption is one of the main sources of operational cost in data centres. To save energy and power in large data centres, VM instances are consolidated within the same physical machines. Cloud providers apply these policies to private, public or hybrid Clouds without considering security. However, co-residency of VMs can introduce some security challenges.
   a) How can the safety of other tenants in the Cloud be ensured by characterising a particular VM as unsafe?
   b) What security parameters, based on VM resource usage patterns, must be included in their security profiles? How can these profiles be measured without violating their access privileges and privacy policy?
   c) Each VM sends interrupts and requests CPU clock cycles for processing. These VMs utilize server disks, dynamic memory and network bandwidth. Additionally, these VMs access diverse resources on the network. How can we construct security profiles based on the process, memory and network utilization of the VMs?
   d) Large computation tasks and data instances are sliced into small units and distributed to the Cloud. Given the security profile of the VM, how can we ensure that the distribution of tasks is scalable in terms of security?
2. A user can monitor the cryptographic process on co-resident VMs by utilizing side-channel attacks. Eventually, by applying statistical analysis to the collected data, they could recover the secret key (AES or RSA) of the process running on the target VM. How can we mitigate the side-channel threat from shared CPU cycles and shared cache memory in a public Cloud?
   a) One possible way to hide cryptographic processing information from a side-channel attack is to add random processing noise. A defender process can create a shell in which to run the cryptographic process and hide the real crypto key. How can we achieve a solution that can be applied locally to the shared VMs to secure the cryptographic process?
   b) VMs have no real access to the physical machine's entropy; therefore, there is a good possibility that different VMs generate the same random number. These periodically generated random numbers are used for secure network communication, which could then be compromised. This threat becomes real when VMs are co-resident. How can we reduce the probability of such random number generation?


4. Research methodology
In this section, we discuss the research methodology to address the research questions. We present a four-layer Cloud architecture model in figure 4. PMs and VMs form the foundation in layer one. In layer two, the VM manager performs management and administration tasks. Layer three provides the platform for the Cloud services through a Cloud middleware. Lastly, layer four provides Cloud applications to the customers and Cloud brokers. Considering the first research question, our focus will be on building a security service in layer 3. Additionally, we will also focus on layer 2 to investigate the second research question and simulate a threat scenario that would lead to building a VM protector component.

[Figure 4 (diagram not reproduced). Layers: Layer 4, Cloud applications; Layer 3, Cloud services; Layer 2, Management and administration tools; Layer 1, Virtual and physical machines. Components shown: Users, Brokers, Security service, VM protector, Cloud middleware, VM manager, VM 1, VM 2, VM n, PM 1, PM 2, PM n.]

Figure 4: Cloud security service in Cloud architecture stack

4.1. Security oriented VM consolidation


VMs can be configured to provide services to Cloud users, and Cloud users can also use VMs as their workstations. In some scenarios, a VM can act as a server, as a simple client, or play multiple roles. In the Cloud environment, each VM will access Cloud resources, web sites, databases, web apps etc. By accessing different resources, they create their network request profile. Some of their network-probing requests could be malicious in nature. An intrusion detection knowledge-based system or attack pattern recognition system will help to categorize the security parameters. Further research on VM behaviour will contribute to constructing the security profile. Aiming to consolidate VMs based on security profiles, we break the tasks down into two phases. In the first phase, we will set up an experiment on a real system. We will identify the major characteristics or parameters to be considered for constructing the security profile. In the second phase, we will use a simulator to analyse the experiment results. Later in the second phase, we will consolidate VMs utilizing the threat classification and parameters.

4.1.1 Experimentation
In our experiment, we will set up a real private Cloud environment using OpenStack. Multiple VMs will run simultaneously and generate traffic by connecting to the Internet or an intranet. We will use a packet capture tool such as Wireshark to intercept the network packets [72]. Then, based on the collected data, we will seek to discover network access or attack patterns. We may also construct a trusted tree of network devices to contribute to the security profile of the VMs. We will look into the possibility of developing additional modules for open source tools such as Snort or OpenVAS to serve the purpose of creating security profiles [71, 73]. These modules would provide a vulnerability value for each VM based on signature-based attacks. The end users may pre-define the vulnerability value for specific attack signatures as high, medium or low, or as any numeric value.

4.1.2 Simulation
After the security profiles have been generated, we will simulate the VM consolidation environment. For the simulation, we will use CloudSim, an open source tool, to consolidate the VMs based on their security profiles [74]. CloudSim can generate a large-scale VM testing environment. Existing VM consolidation algorithms will be used in the simulation; however, we need to extend the algorithm to take the security profile into account. The simulation results can then be analysed with Matlab for performance metrics analysis [75].
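An added illustration of the two phases above, not code from the project: a per-VM vulnerability value is computed from IDS alert lines (constructed here, in an assumed Snort-style "fast alert" layout rather than a parser for Snort's real output) using operator-chosen priority weights, and is then fed into a first-fit-decreasing consolidation as two extra constraints, a per-PM risk budget and isolation of VMs above a threshold. The VM names, addresses, CPU demands, capacities and thresholds are all constructed.

```python
import re

# Constructed alert lines in an assumed Snort-style "fast alert" layout:
#   time [gid:sid:rev] message [Priority: n] src_ip -> dst_ip
# One line is deliberately malformed and one comes from an address that is
# not one of our VMs, to show how the scorer treats them.
SAMPLE_ALERTS = [
    "04/02-10:15:01 [1:1000001:1] Port scan detected [Priority: 2] 10.0.0.11 -> 10.0.0.5",
    "04/02-10:15:07 [1:1000002:1] SSH brute force [Priority: 1] 10.0.0.11 -> 10.0.0.6",
    "04/02-10:16:33 [1:1000003:1] ICMP ping sweep [Priority: 3] 10.0.0.12 -> 10.0.0.0",
    "04/02-10:17:45 [1:1000001:1] Port scan detected [Priority: 2] 10.0.0.12 -> 10.0.0.7",
    "04/02-10:18:02 [1:1000004:1] Shellcode pattern [Priority: 1] 10.0.0.11 -> 10.0.0.8",
    "04/02-10:19:10 [1:1000001:1] Port scan detected [Priority: 2] 10.0.0.15 -> 10.0.0.9",
    "04/02-10:20:00 [1:1000001:1] Port scan detected [Priority: 2] 203.0.113.7 -> 10.0.0.9",
    "garbage line that does not match the layout",
]

# Which VM owns which address (constructed).
VM_BY_IP = {"10.0.0.11": "vm-a", "10.0.0.12": "vm-b", "10.0.0.13": "vm-c",
            "10.0.0.14": "vm-d", "10.0.0.15": "vm-e"}

# Operator-defined weights: the document leaves the scale (high/medium/low or
# numeric) to the end user. Priority 1 is treated as the most severe.
PRIORITY_WEIGHT = {1: 10, 2: 5, 3: 1}

ALERT_RE = re.compile(r"\[Priority: (\d+)\] (\d{1,3}(?:\.\d{1,3}){3}) ->")


def vulnerability_values(alert_lines, vm_by_ip=VM_BY_IP):
    """Sum the weighted alerts attributed to each VM as its vulnerability value.
    VMs without alerts score 0; unparsable lines and foreign sources are skipped."""
    scores = {vm: 0 for vm in vm_by_ip.values()}
    for line in alert_lines:
        m = ALERT_RE.search(line)
        if m is None:
            continue
        vm = vm_by_ip.get(m.group(2))
        if vm is None:
            continue
        scores[vm] += PRIORITY_WEIGHT.get(int(m.group(1)), 0)
    return scores


def consolidate(cpu_demand, scores, pm_cpu, risk_budget, isolate_at):
    """First-fit-decreasing bin packing by CPU demand with two security rules:
    a VM scoring at or above isolate_at gets a PM of its own, and the summed
    score of the VMs sharing a PM may not exceed risk_budget.
    Returns the PMs as lists of VM names, in creation order."""
    pms = []  # each: {"vms": [...], "cpu": used, "risk": summed, "locked": bool}
    for vm in sorted(cpu_demand, key=lambda v: (-cpu_demand[v], v)):
        need, risk = cpu_demand[vm], scores.get(vm, 0)
        if need > pm_cpu:
            raise ValueError(f"{vm} needs more CPU than one PM offers")
        isolated = risk >= isolate_at
        target = None
        if not isolated:
            for pm in pms:
                if (not pm["locked"] and pm["cpu"] + need <= pm_cpu
                        and pm["risk"] + risk <= risk_budget):
                    target = pm
                    break
        if target is None:
            target = {"vms": [], "cpu": 0, "risk": 0, "locked": isolated}
            pms.append(target)
        target["vms"].append(vm)
        target["cpu"] += need
        target["risk"] += risk
    return [pm["vms"] for pm in pms]


CPU_DEMAND = {"vm-a": 2, "vm-b": 3, "vm-c": 2, "vm-d": 2, "vm-e": 1}  # constructed


def security_aware_plan():
    scores = vulnerability_values(SAMPLE_ALERTS)
    return consolidate(CPU_DEMAND, scores, pm_cpu=6, risk_budget=8, isolate_at=20)


def plain_plan():
    """The same packing with the security rules switched off, for comparison."""
    return consolidate(CPU_DEMAND, {}, pm_cpu=6, risk_budget=10**9, isolate_at=10**9)


if __name__ == "__main__":
    print(vulnerability_values(SAMPLE_ALERTS))
    print("security-aware:", security_aware_plan())  # 3 PMs, vm-a isolated
    print("plain FFD     :", plain_plan())           # 2 PMs
```

The security-aware plan costs one extra PM: vm-a is isolated by its score, and vm-e is kept off the PM hosting vm-b because their combined score would exceed the budget even though the CPU would fit.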

4.2. Side-channel analysis for co-resident VMs


To address the second research question, experiments will be conducted and statistical analysis will be performed. Firstly, multiple VMs will be run on a single physical machine and resource utilization will be monitored from within a VM. Then, in the next phase, a toolbox will be developed to extract the secret key from the co-resident VM utilizing a side-channel attack.

4.2.1 Experimentation
Multiple VMs will be installed on a PM for the experiment. Initially, we will start the experiment and data collection with three VMs. The target VM will run a continuous cryptographic process with a secret key. The attacker VM will run a spy process to monitor the CPU cycle and memory usage patterns of all the VMs. Data will be collected from the process and the cache memory to find the maxima and minima of CPU utilization as well as the CPU cache hits from the different VMs.

4.2.2 Statistical analysis


As mentioned, to construct a successful attack we will identify the CPU cache usage pattern. A program will be written to help monitor and measure the CPU cache. Ideally, a pattern recognition technique such as a sequence of Support Vector Machine (SVM) classified labels will be used to identify the pattern of cache usage. Statistical analysis such as frequency distribution will be used to remove noise from the collected cache usage data. This analysis would open the door to inserting into and reading from the physical memory of the target VM. Then, code will be developed to insert and extract the secret key from the cache.

5. Required resources
The following listed resources are required for this research.
1) Multiple physical servers (minimum 3 PMs)
2) VMware virtual machine software suite (ESXi, etc.)
3) VMs with Windows, Linux (minimum 6 VMs with 2 VMs per PM)
4) OpenStack Cloud middleware
5) Wireshark
6) OpenVAS
7) Matlab
8) Eclipse, CloudSim

6. Timeline
In this section, we include the approximate timeline for accomplishing the milestones of this research. This schedule is outlined for part-time research. If sponsorship or a scholarship is received, the research schedule will be shortened by multiple semesters.
2012, Semester 1: Identify the research question and methodology; Conference publication; Journal publication
2013, Semester 2: Define the research question and methodology; Confirmation of candidature; Classification and identification of the security parameters and patterns to be identified during the experiment; Set up the experiment environment using OpenStack; Conference publication
2014, Semester 3: Data collection [number of threats, level of threats, vulnerability type, VM cache usage]; Data analysis [statistical analysis of cache usage, develop code]; Conference publication
2015, Semester 4: Develop an algorithm to quantify the VM security profiles; Data collection; Data analysis [look for a possible solution to avoid side-channel attacks]; Journal publication; Thesis draft
2016, Semester 5: Use simulation tool for consolidation and performance checking; Data collection and analysis; Conference publication
2017, Semester 6: Thesis writing, finalizing, proofreading; Journal publication; Thesis submission
2018-19: Left for unforeseen reasons

7. Publishing plan
2012: Farhad Ahamed, Seyed Shahrestani and Athula Ginige, "Addressing the Challenges in Securing Cloud Computing", The 19th IBIMA conference proceedings, Barcelona, Spain. Farhad Ahamed, Seyed Shahrestani and Athula Ginige, "Cloud Computing: Security and Reliability Issues", Communications of the IBIMA, vol. 2013, Article ID 655710, 12 pages, DOI: 10.5171/2013.655710
2013: Publish in IEEE e-Science conference / UCC conference
2014: Publish in IEEE CloudCom conference
2015: Publish in IEEE Transactions on Cloud Computing
2016: Publish in IEEE Cloud conference
2017: Publish in IEEE Transactions on Cloud Computing

8. Conclusion
The Cloud computing paradigm has gained popularity due to inexpensive operating costs and the pay-per-use model. On the other hand, as presented in this document, traditional, contemporary and potential security threats have held back the growth of Cloud computing. Due to the inherent multi-tenancy architecture and virtualization environment, Cloud computing environments are prone to the threats that can affect any distributed system. Furthermore, the widely used PKI can be the underlying cause of some security issues. Solutions have been suggested for overcoming some of these issues. For example, data-centric solutions can provide security enhancements for some applications that utilize Cloud resources. To minimize the security risks due to co-residency of VMs, the detection of the security profile of VMs needs to be worked out. Hence, our research will focus on the discovery and quantification of security threats in the Cloud environment, providing a security service in relation to VM consolidation, and mitigating the threat of side channels in multi-tenancy Clouds.

References
[1] M. Hogan, F. Liu, A. Sokol, and J. Tong, "NIST Cloud Computing Standards Roadmap", 2011.
[2] L. Youseff, M. Butrico, and D. Da Silva, "Toward a Unified Ontology of Cloud Computing", presented at the Grid Computing Environments Workshop (GCE '08), 2008.
[3] L. M. Vaquero, L. Rodero-Merino, J. Caceres, and M. Lindner, "A break in the clouds: towards a cloud definition", SIGCOMM Comput. Commun. Rev., vol. 39, pp. 50-55, 2008.
[4] Y. Chen, V. Paxson, and R. H. Katz, "What's new about Cloud Computing Security?", EECS Department, University of California, Berkeley, 2010.
[5] S. Kamara and K. Lauter, "Cryptographic cloud storage", presented at the Proceedings of the 14th International Conference on Financial Cryptography and Data Security, Tenerife, Canary Islands, Spain, 2010.
[6] Cloud Security Alliance. (2011). Security guidance for critical areas of focus in Cloud computing [Webpage]. Available: https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf
[7] Cloud Security Alliance. (2009). Top Threats in Cloud Computing v1.0 [Webpage]. Available: https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
[8] M. Henning, "API design matters", Queue, vol. 5, pp. 24-36, 2007.
[9] Web Hacking Incident Database. (2011). [Webpage]. Available: http://projects.webappsec.org/w/page/13246995/WebHacking-Incident-Database
[10] L. Essers. (2011). Dutch Government Struggles to Deal With DigiNotar Hack [Webpage]. Available: http://www.pcworld.com/businesscenter/article/239639/dutch_government_struggles_to_deal_with_diginotar_hack.html
[11] ICANN. DNSSEC Standards [Webpage]. Available: http://www.icann.org/en/news/in-focus/dnssec/standards
[12] TechWeb. (2006). Exploit Prevention Labs Ships Zero-day Exploit Blocker. TechWeb, 1-1. Available: http://search.proquest.com/docview/201528695?accountid=36155
[13] B. Lahiri, "Detecting exploit patterns from network packet streams", Ph.D. thesis 3511430, Iowa State University, United States, Iowa, 2012.
[14] SANS Institute. (2009). The top cyber security risks [Webpage]. Available: http://www.sans.org/top-cyber-security-risks
[15] S. Lloyd, D. Fillingham, R. Lampard, S. Orlowski, and J. Weigelt, "CA-CA Interoperability", PKI Forum, Mar. 2001.
[16] Open Web Application Security Project. (2010). OWASP Top 10 Risks [Webpage]. Available: http://www.owasp.org/index.php/Top_10_2010
[17] J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, and L. L. Iacono, "All your clouds are belong to us: security analysis of cloud management interfaces", presented at the Proceedings of the 3rd ACM Workshop on Cloud Computing Security, Chicago, Illinois, USA, 2011.
[18] M. Johns, "Code injection vulnerabilities in Web applications - Exemplified at Cross-site Scripting", University of Passau, Passau, 2009.
[19] L. Bello and A. Russo, "Towards a taint mode for cloud computing web applications", presented at the Proceedings of the 7th Workshop on Programming Languages and Analysis for Security, Beijing, China, 2012.
[20] S. Kandula, D. Katabi, M. Jacob, and A. Berger, "Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds", presented at the Proceedings of the 2nd Symposium on Networked Systems Design & Implementation, vol. 2, 2005.
[21] J. Mirkovic and P. Reiher, "A taxonomy of DDoS attack and DDoS defense mechanisms", SIGCOMM Comput. Commun. Rev., vol. 34, pp. 39-53, 2004.
[22] J. Idziorek and M. Tannian, "Exploiting Cloud Utility Models for Profit and Ruin", presented at the IEEE International Conference on Cloud Computing (CLOUD), 2011.
[23] A. Kurmus, M. Gupta, R. Pletka, C. Cachin, and R. Haas, "A comparison of secure multi-tenancy architectures for filesystem storage clouds", presented at the Proceedings of the 12th ACM/IFIP/USENIX International Conference on Middleware, Lisbon, Portugal, 2011.
[24] T. Garfinkel and M. Rosenblum, "When virtual is harder than real: Security challenges in virtual machine based computing environments", in Proceedings of the 10th HotOS, 2005.
[25] J. Wei, X. Zhang, G. Ammons, V. Bala, and P. Ning, "Managing security of virtual machine images in a cloud environment", presented at the Proceedings of the 2009 ACM Workshop on Cloud Computing Security, Chicago, Illinois, USA, 2009.
[26] F. Rocha and M. Correia, "Lucy in the sky without diamonds: Stealing confidential data in the cloud", presented at the IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W), 2011.
[27] A. G. Kumbhare, Y. Simmhan, and V. Prasanna, "Designing a secure storage repository for sharing scientific datasets using public clouds", presented at the Proceedings of the Second International Workshop on Data Intensive Computing in the Clouds, Seattle, Washington, USA, 2011.
[28] M. Almorsy, J. Grundy, and A. S. Ibrahim, "Collaboration-Based Cloud Computing Security Management Framework", presented at the IEEE International Conference on Cloud Computing (CLOUD), 2011.
[29] A. R. Hickey and J. E. McCarthy, "20 Coolest Cloud Security", CRN, pp. 24-n/a, 2012.
[30] Y. Demchenko, N. Canh, C. de Laat, T. W. Wlodarczyk, R. Chunming, and W. Ziegler, "Security Infrastructure for On-demand Provisioned Cloud Infrastructure Services", presented at the IEEE Third International Conference on Cloud Computing Technology and Science (CloudCom), 2011.
[31] J. Golbeck. (2004). Trust Networks for Email Filtering [Webpage]. Available: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.81.6090&rep=rep1&type=pdf
[32] K. M. Khan and Q. Malluhi, "Establishing Trust in Cloud Computing", IT Professional, vol. 12, pp. 20-27, 2010.
[33] M. Kretzschmar, M. Golling, and S. Hanigk, "Security Management Areas in the Inter-cloud", IEEE International Conference on Cloud Computing (CLOUD), pp. 762-763, 4-9 July 2011.
[34] P. Eckersley. (2011). How secure is HTTPS today? How often is it attacked? [Webpage]. Available: https://www.eff.org/deeplinks/2011/10/how-secure-https-today
[35] L. Whitney. (2011). Comodohacker returns in DigiNotar incident. Available: http://news.cnet.com/8301-1009_320102027-83/comodohacker-returns-in-diginotar-incident/
[36] A. v. d. Stock, J. Williams, and D. Wichers. (2007). OWASP Top 10 Risks [Webpage]. Available: http://www.owasp.org/index.php/Top_10_2007
[37] A. M. Childs and W. Van Dam, "Quantum algorithms for algebraic problems", Reviews of Modern Physics, vol. 82, p. 1, 2010.
[38] A. Ekert and R. Jozsa, "Quantum computation and Shor's factoring algorithm", Reviews of Modern Physics, vol. 68, pp. 733-753, 1996.
[39] R. Kui, W. Cong, and W. Qian, "Security Challenges for the Public Cloud", IEEE Internet Computing, vol. 16, pp. 69-73, 2012.
[40] W. Zhou, M. Sherr, W. R. Marczak, Z. Zhang, T. Tao, B. T. Loo, and I. Lee, "Towards a data-centric view of cloud security", presented at the Proceedings of the Second International Workshop on Cloud Data Management, Toronto, ON, Canada, 2010.
[41] W. Cong, W. Qian, and R. Kui, "Towards Secure and Effective Utilization over Encrypted Cloud Data", presented at the 31st International Conference on Distributed Computing Systems Workshops (ICDCSW), 2011.
[42] R. L. Rivest, L. Adleman, and M. L. Dertouzos, "On data banks and privacy homomorphisms", Foundations of Secure Computation, vol. 32, pp. 169-178, 1978.
[43] J. Bringer, H. Chabanne, D. Pointcheval, and Q. Tang, "Extended private information retrieval and its application in biometrics authentications", 2007.
[44] M. Jurik and J. B. Nielsen, "A generalization of Paillier's public-key system with applications to electronic voting", 2003.
[45] K. Peng, R. Aditya, C. Boyd, E. Dawson, and B. Lee, "Multiplicative homomorphic e-voting", in Progress in Cryptology, INDOCRYPT 2004, Springer, 2005, pp. 61-72.
[46] J. D. Cohen and M. J. Fischer, "A robust and verifiable cryptographically secure election scheme", presented at the 26th Annual Symposium on Foundations of Computer Science, 1985.
[47] C. Gentry, "Computing Arbitrary Functions of Encrypted Data", Communications of the ACM, vol. 53, pp. 97-105, 2010.
[48] C. Gentry, "Fully homomorphic encryption using ideal lattices", presented at the Proceedings of the 41st Annual ACM Symposium on Theory of Computing, Bethesda, MD, USA, 2009.
[49] V. Vaikuntanathan, "Computing Blindfolded: New Developments in Fully Homomorphic Encryption", presented at the IEEE 52nd Annual Symposium on Foundations of Computer Science (FOCS), 2011.
[50] J. C. Mitchell, R. Sharma, D. Stefan, and J. Zimmerman, "Information-Flow Control for Programming on Encrypted Data", presented at the IEEE 25th Computer Security Foundations Symposium (CSF), 2012.
[51] E. Naone. (2011, May-June). Homomorphic encryption: making cloud computing more secure. Technology Review (Cambridge, Mass.) [Article], 50+. Available: http://go.galegroup.com/ps/i.do?id=GALE%7CA255493451&v=2.1&u=uwsydney&it=r&p=AONE&sw=w
[52] C. Gentry and S. Halevi, "Implementing Gentry's Fully-Homomorphic Encryption Scheme", in Advances in Cryptology, EUROCRYPT 2011, vol. 6632, K. Paterson, Ed., Springer Berlin / Heidelberg, 2011, pp. 129-148.
[53] G. Chunsheng, "New fully homomorphic encryption over the integers", Cryptology ePrint Archive, Report 2011/118, 2011.
[54] J. S. Coron, A. Mandal, D. Naccache, and M. Tibouchi, "Fully homomorphic encryption over the integers with shorter public keys", Advances in Cryptology, CRYPTO 2011, pp. 487-504, 2011.
[55] N. Smart and F. Vercauteren, "Fully homomorphic encryption with relatively small key and ciphertext sizes", Public Key Cryptography, PKC 2010, pp. 420-443, 2010.
[56] M. Van Dijk, C. Gentry, S. Halevi, and V. Vaikuntanathan, "Fully homomorphic encryption over the integers", Advances in Cryptology, EUROCRYPT 2010, pp. 24-43, 2010.
[57] M. Naehrig, K. Lauter, and V. Vaikuntanathan, "Can homomorphic encryption be practical?", presented at the Proceedings of the 3rd ACM Workshop on Cloud Computing Security, Chicago, Illinois, USA, 2011.
[58] G. Chun-sheng and G. Ji-xing. (2012). Attack on Fully Homomorphic Encryption over Principal Ideal Lattice [Webpage]. Available: http://onlinepresent.org/proceedings/vol1_2012/9.pdf
[59] G. Chunsheng, "Attack on Fully Homomorphic Encryption over the Integers", International Journal of Information and Network Security (IJINS), vol. 1, pp. 275-281, 2012.
[60] Z. Brakerski, C. Gentry, and V. Vaikuntanathan, "Fully homomorphic encryption without bootstrapping", Innovations in Theoretical Computer Science, 2012.
[61] Z. Zhang, T. Plantard, and W. Susilo, "Reaction attack on outsourced computing with fully homomorphic encryption schemes", in Information Security and Cryptology, ICISC 2011, Springer, 2012, pp. 419-436.
[62] Homeland Security News Wire. (2011). Hackers using cloud networks to launch powerful attacks [Webpage]. Available: http://www.homelandsecuritynewswire.com/hackers-using-cloud-networks-launch-powerful-attacks
[63] L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda, "All your contacts are belong to us: automated identity theft attacks on social networks", presented at the ACM, 2009.
[64] A. Aviram, S. Hu, B. Ford, and R. Gummadi, "Determinating timing channels in compute clouds", presented at the Proceedings of the 2010 ACM Workshop on Cloud Computing Security, Chicago, Illinois, USA, 2010.
[65] Y. Xu, M. Bailey, F. Jahanian, K. Joshi, M. Hiltunen, and R. Schlichting, "An exploration of L2 cache covert channels in virtualized environments", presented at the Proceedings of the 3rd ACM Workshop on Cloud Computing Security, Chicago, Illinois, USA, 2011.
[66] T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, "Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds", presented at the Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, Illinois, USA, 2009.
[67] Z. Wang and R. B. Lee, "New cache designs for thwarting software cache-based side channel attacks", SIGARCH Comput. Archit. News, vol. 35, pp. 494-505, 2007.
[68] Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart, "Cross-VM side channels and their use to extract private keys", in Proceedings of the 2012 ACM Conference on Computer and Communications Security, 2012, pp. 305-316.
[69] A. Verma, P. Ahuja, and A. Neogi, "pMapper: power and migration cost aware application placement in virtualized systems", in Proceedings of the 9th ACM/IFIP/USENIX International Conference on Middleware, 2008, pp. 243-264.
[70] G. Jung, K. Joshi, M. Hiltunen, R. Schlichting, and C. Pu, "A cost-sensitive adaptation engine for server consolidation of multitier applications", Middleware 2009, pp. 163-183, 2009.
[71] M. Roesch, "Snort - lightweight intrusion detection for networks", in Proceedings of the 13th USENIX Conference on System Administration, 1999, pp. 229-238.
[72] G. Combs. Wireshark [Webpage]. Available: http://www.wireshark.org/
[73] OpenVAS. Open Vulnerability Assessment System [Webpage]. Available: www.openvas.org
[74] R. N. Calheiros, R. Ranjan, A. Beloglazov, C. A. De Rose, and R. Buyya, "CloudSim: a toolkit for modeling and simulation of cloud computing environments and evaluation of resource provisioning algorithms", Software: Practice and Experience, vol. 41, pp. 23-50, 2011.
[75] The MathWorks. MATLAB - The language of technical computing [Webpage]. Available: www.mathworks.com.au/products/matlab/
