The following is a special contribution to this blog from Klara Nahrstedt and Roy Campbell, faculty at the University of Illinois at Urbana-Champaign, and Mohamed Gouda, program director at the National Science Foundation (NSF). The trio recently organized and ran a NSF-sponsored workshop on Security for Cloud Computing.
Cloud computing is becoming an integral part of our computing and communication ecosystem, offering great opportunity for cost-effective large-scale processing and storage capabilities. Major service providers including Google, HP, Amazon, Microsoft, and IBM are offering cloud computing services not only to corporations but also to general users and at affordable prices.
As we step closer to utility computing and “cloud services for everybody,” a major question is, “How secure are the cloud computing services and systems?”. Security is a major concern for many Information Technology (IT) systems and applications, including the Internet, supercomputing, grid computing, scientific applications, military, government, and corporate systems and applications. However, scale changes everything. It means that as we enter the mass-market for cloud computing services, the security and privacy of those services will become first-class features that ensure broad usability and deployment.
Twenty-five CISE researchers joined NSF program staff in Washington, DC, on March 15-16 to discuss future challenges and possible NSF funding opportunities in “Security in Cloud Computing.” The goal of the NSF-sponsored workshop was (a) to identify research challenges of “Security of Cloud Computing Services and Systems,” and (b) to rally a broader computer science and engineering research community behind the challenges that need to be solved. The NSF workshop participants aimed to answer several important questions (following the link):
- What are the unsolved challenges of “security of cloud computing”?
- What are the intellectual merits of these problems, i.e., why are these problems important in the scientific space?
- What is the broader impact of these problems if we solve them (or if we don’t solve them)?
The invited CISE researchers and NSF program staff had very lively discussions about the questions and developed challenges in four major areas:
- Adversary models for cloud computing: The participants considered challenges such as “What are the new security threats?”, “What does an adversary look like in cloud computing when different entities are involved such as when a client is a user, an owner, a storage provider and a compute provider and when some or all of the entities in the cloud can become adversaries?”, “Is there a hierarchy of adversaries when attacking clouds?”, and so on. Since clouds will be used by multiple tenants, challenges were discussed such as “Do all tenants need the same security or is leveled security sufficient at different prices?”. Another challenge that was raised: “A cloud client builds a cloud application and must rely on many technologies that he/she did not create. What are the possible defenses if underlying cloud technologies become adversaries?”
- Delegation and authorization in cloud computing: With cloud computing, we will see more and more third parties accessing clouds on behalf of users. Discussion centered around cryptographic approaches and challenges for delegation and authorization such as attribute-based encryption for access control, secure comparison for complex policy enforcement, and encryption delegation for fine-grained temporal context (e.g., if authorization changes over time, or attributes expire over time). Another important issue that was brought up: “How do we support mobile device access to a cloud?” Challenging aspects of computation over encrypted data were discussed when utilizing homomorphic encryption and homomorphic signatures. Challenges of end-to-end cloud life cycle were presented and, along with these, the security challenges such as restricted delegation, secure service composition, multiple credential types, and fine-grained access control. The delegation challenge was further discussed, and reconsideration of capabilities was proposed. With capabilities one does authorization not based on “who you are,” but “what you have.” Hence, capabilities are unforgeable and delegation is simple, yielding an interesting approach towards a restricted delegation challenge.
- End-to-end security in cloud computing: Cloud computing is not an isolated entity in the computing ecosystem but it is always connected with a client(s) who wants certain work (storage, computation, response) from the cloud service. Hence, the participants looked at the security aspects of cloud computing from the end-to-end point of view. Discussed challenges were “How do we verify work on clouds on behalf of clients?”, “What kind of checks do we put in place at the client’s and cloud side?”, and “How do we achieve trust and trustworthy relations between client and cloud?”. Since a cloud can offer a utility service, participants brought up points such as consideration of security as a service within a cloud and the need for policy-based security applied to the end-to-end problem. Another challenge that was discussed was how to deal with end-to-end privacy and how to own data in the cloud.
- New problems in security for cloud computing: Many new security problems emerged and are emerging. The participants spent substantial time discussing new directions that we have not encountered in other security scenarios of IT systems. Examples of new directions were considerations of legal service level agreements (SLAs) and stronger privacy policies for content providers who collect large amount of personal data. Another major challenge and issue that emerged was attestation of mechanisms in clouds such as the trusted launch of virtual machines and the migration of virtual machines. Discussion addressed attestation of actions, proof-attestation of provider security mechanisms, and execution of algorithms on encrypted data. Further new challenges were presented on cloud usage of covert timing channels and other side channel attacks due to co-tenancy issues. Participants brought up reactive stability challenges, cross-layer robustness, pervasive virtualization, secure migration of data, storage, dependencies between services, placement, and management vulnerabilities. Cloud forensics was another challenge to be solved, especially how to secure and correlate temporal and spatial evidence and how to use log-based events for reconstruction.
Overall, the NSF-sponsored workshop brought forward many new challenges in well-known areas of security as well as very new security problems that are emerging in the cloud computing domain since clouds are very complex systems with hundreds of service dependencies, have competing solutions, have multi-tenancy demands, lack standards, and exhibit pressures for interoperability, bandwidth, and other resources.
For readers interested in further details of this NSF-sponsored workshop, the workshop presentations are posted online. The detailed report to NSF will soon be posted onto the website as well.