Figure 1. Systems Engineering Process (INCOSE, 1995)
1. Cloud Security Critical Issues
Cloud security is analyzed in some existing studies (Gu and Cheung, 2009; IDC White Paper, 2010), but the development of realistic and applicable solutions is still at an early stage.
Privacy issues in cloud environments have been described by Pearson (2009), and some interesting security aspects are presented by Siebenlist (2009). A complete survey of security in the context of cloud storage is provided by Cachin et al. (2009). Kandukuri et al. (2009) have provided insights into the requirements for the service level agreement (SLA), the document that defines the relationship between the provider and the recipient of services. An exhaustive cloud security risk assessment has been presented by the European Network and Information Security Agency (ENISA, 2009). A “cloud-free” security model for cloud computing proposed by Yunis (2009) considers the following critical security issues for the related infrastructures:
- Extensive resource sharing
- Lack of data ownership
- Reducing encryption in order to increase the speed of service delivery
- Refusal of service
- Loss of data due to technical failure
- Unknown attacks
However, the above security issues apply to some extent to web enterprise systems and services defined within an enterprise service-oriented platform as well. Cloud computing does not appear to be fundamentally different from existing web infrastructure, which is vulnerable to various threats and attacks, especially where adequate protection mechanisms, regulations and policies are lacking. The changing nature and evolution of attacks also represents an increased danger.
An initial analysis of the general requirements for cloud computing has identified the following:
- Reliability and liability, which are the requirements for the cloud to be a reliable resource, especially if a cloud provider will run “mission-critical” tasks and will expect a clear delineation of liability if serious problems occur.
- Security, privacy, and anonymity, which are the requirements needed to prevent unauthorized access to both data and code and to ensure that sensitive data remains private. Security is required at the different access levels such as server, internet, data, and program (code) (Kandukuri et al., 2009). Users will also expect that the cloud provider, other third parties, and governments will not monitor their activities. The exception may be for cloud providers, who may need to selectively monitor usage for quality control purposes.
- Access and usage capabilities, which are the requirements to be able to access and use the cloud as needed without hindrance from the cloud provider or third parties, while their intellectual property rights are upheld.
1.1 Applying Systems Engineering Process
The Systems Engineering Process (SEP) as defined by INCOSE (1995) includes four main components: requirements analysis, functional analysis, synthesis, and system analysis and control (Figure 1).
The aim of applying SEP for cloud computing systems is mainly the requirements analysis and functional allocation in order to identify and construct an agile adaptive system security model. Considering the identified requirements outlined in the previous section, the following categories are defined and could be included within a framework of requirements engineering for secure cloud systems:
- Technical requirements are the providers’ capabilities;
- User requirements should meet the recipients’ requirements for trusted and reliable services;
- Functional requirements are the virtualization translation capabilities of the clouds and associated services.
Lombardi and Di Pietro (2010) have proposed the Advanced Cloud Protection System (ACPS), which is intended to actively protect the integrity of the guest virtual machines and of the distributed computing middleware by allowing the host to monitor guest virtual machines and infrastructure components. The identified set of requirements to be met by a security monitoring system for clouds is as follows (Lombardi and Di Pietro, 2010):
- REQ1 Effectiveness: the system should be able to detect most types of attacks and integrity violations.
- REQ2 Precision: the system should be able to (ideally) avoid false positives; that is, mistakenly detecting malware attacks where authorized activities are taking place.
- REQ3 Transparency: the system should minimize visibility, and potential intruders should not be able to detect the presence of the monitoring system.
- REQ4 Non-subvertability: the host system, cloud infrastructure and the virtual machine should be protected from attacks proceeding from a compromised guest, and it should not be possible to disable or alter the monitoring system itself.
- REQ5 Deployability: the monitoring system should be deployable on the vast majority of available cloud middleware and different configurations.
- REQ6 Dynamic / Adaptive Reaction: the system should detect an intrusion attempt over a component and, if required by the security policy, it should take appropriate action against the attempt and against the compromised guest and/or notify remote middleware security-management components.
- REQ7 Accountability: the system should not interfere with other cloud application actions, but should collect data and snapshots to enforce accountability policies.
However, ACPS is too restrictive and could compromise system performance and privacy through its monitoring activities. It is also not flexible enough to accommodate the changing threats and actions of adversarial communities.
The following standardization principles should also be adopted:
ISO/IEC 15288 (INCOSE, 2007), which establishes a common framework for describing the life cycle of systems; and ISO 12207, which includes system-level descriptions such as requirements analysis, architectural design, systems integration and qualification testing.
For the adoption of clouds, data security standards such as ISO 27001/ISO 27002 are essential, because data protection problems in the clouds carry a huge potential for data disclosure.
Figure 2. How cloud computing can meet the challenges of adaptive system security systems by applying systems engineering standards and architecting principles
Architecting cloud-driven adaptive security systems
Based on the linkage between security systems engineering, agile strategies for the development of adaptive security systems, and cloud computing paradigms, an architectural infrastructure can be suggested; it is depicted in Figure 2.
Some challenges that need to be solved in order to realize this synergy have been discussed in this essay, and they mainly relate to dealing with system requirements according to SEP (INCOSE, 1995). The cloud computing model for adaptive security systems engineering could be developed through the application of model-driven engineering as suggested by Bruneliere et al. (2010), but this is still ongoing work.
A framework for Enterprise Security Architecture is provided by the Sherwood Applied Business-driven Security Architecture (SABSA) (Sherwood et al., 2005).
The Open Group Architecture Framework (TOGAF) describes an Architecture Development Method (ADM) that can be used to deliver an enterprise architecture. A current development is the integration of security features represented in SABSA into TOGAF. The idea is that SABSA can provide the security architectural models within TOGAF. When the link between SABSA and TOGAF is defined, it will be possible to use SABSA for organizations/enterprises that already use TOGAF (TOGAF & SABSA Working Group, 2010).
We plan to continue our work by further exploring these challenges and breaking new ground. Due to the lack of maturity of cloud computing technology, there are several key aspects requiring efforts of different communities of software, systems and security researchers and practitioners.
References
Bruneliere, H., Cabot, J. and Jouault, F. (2010) Combining Model-Driven Engineering and Cloud Computing. INRIA Report.
Cachin, C., Keidar, I. and Shraer, A. (2009) Trusting the cloud. SIGACT News 40(2): 81–86.
ENISA (European Network and Information Security Agency) (2009) Cloud Computing Risk Assessment. http://www.enisa.europa.eu/act/rm/files/deliverables
European Commission (2010) The Future of Cloud Computing: Opportunities for European Cloud Beyond 2010. European Commission Public Report.
Grace, L. (2010) Basics about Cloud Computing. Software Engineering Institute, Carnegie Mellon University, USA. http://www.sei.cmu.edu/library/assets/whitepapers/Cloudcomputingbasics.pdf
Grobauer, B., Walloschek, T. and Stöcker, E. (2010) Understanding Cloud Computing Vulnerabilities. Accepted for publication in IEEE Security and Privacy, Special Issue on Cloud Computing. IEEE.
Gu, L. and Cheung, S.-C. (2009) Constructing and testing privacy-aware services in a cloud computing environment: challenges and opportunities. In Internetware ’09: Proceedings of the First Asia-Pacific Symposium on Internetware. ACM, New York, NY, USA, pp. 1–10.
IDC (2010) Leveraging the Benefits of Cloud Computing with Specialized Security. White Paper.
INCOSE (International Council on Systems Engineering) (1995) Metrics Guidebook for Integrated Systems and Product Development. Seattle, WA, USA.
INCOSE (International Council on Systems Engineering) (2007) Systems Engineering Handbook: A Guide for System Life Cycle Processes and Activities, V3.1.
Jaeger, P. T., Lin, J. and Grimes, J. M. (2008) Cloud Computing and Information Policy: Computing in a Policy Cloud? Journal of Information Technology & Politics 5(3): 269–283. Routledge.
Kandukuri, B. R., Paturi V, R. and Rakshit, A. (2009) Cloud Security Issues. In Proceedings of the 2009 IEEE International Conference on Services Computing, pp. 517–520.
Lombardi, F. and Di Pietro, R. (2010) Secure virtualization for cloud computing. Journal of Network and Computer Applications. Elsevier.
Mell, P. and Grance, T. (2009) Effectively and Securely Using the Cloud Computing Paradigm (v0.25). NIST. http://csrc.nist.gov/groups/SNS/cloud-computing/index.html
Pearson, S. (2009) Taking account of privacy when designing cloud computing services. In CLOUD ’09: Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing. IEEE Computer Society, Washington, DC, USA, pp. 44–52.
Rittinghouse, J. W. and Ransome, J. F. (2010) Cloud Computing: Implementation, Management and Security. CRC Press, Taylor and Francis.
Sherwood, J., Clark, A. and Lynas, D. (2005) Enterprise Security Architecture: A Business-Driven Approach. CMP Press.
Siebenlist, F. (2009) Challenges and opportunities for virtualized security in the clouds. In SACMAT ’09: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies. ACM, New York, NY, USA, pp. 1–2.
TOGAF & SABSA Working Group (2010) TOGAF-SABSA Integration, Version 1.0. Prepared by Pascal de Koning.
Yunis, M. M. (2009) A “cloud-free” security model for cloud computing. International Journal of Services and Standards 5(4): 354–375. Inderscience.