Diogo A. B. Fernandes

Security issues in cloud environments: a survey

In the last few years, the appealing features of cloud computing have been fueling the integration of cloud environments in the industry, which has been consequently motivating the research on related technologies by both the industry and the academia. The possibility of paying-as-you-go mixed with an on-demand elastic operation is changing the enterprise computing model, shifting on-premises infrastructures to off-premises data centers, accessed over the Internet and managed by cloud hosting providers. Regardless of its advantages, the transition to this computing paradigm raises security concerns, which are the subject of several studies. Besides of the issues derived from Web technologies and the Internet, clouds introduce new issues that should be cleared out first in order to further allow the number of cloud deployments to increase. This paper surveys the works on cloud security issues, making a comprehensive review of the literature on the subject. It addresses several key topics, namely vulnerabilities, threats, and attacks, proposing a taxonomy for their classification. It also contains a thorough review of the main concepts concerning the security state of cloud environments and discusses several open research topics.

Cloud Security: State of the Art

Throughout the end of the first half and during the second half of the past century, advances in technology allowed scientists to develop computer systems. In the beginning, mostly between the forties and the sixties, single computers would fill large rooms with electronics that would consume as much power as several hundreds of modern desktop computers.

Secure user authentication in cloud computing management interfaces

The degradation of the security of password-based mechanisms, combined with the increasing number of perils on the Internet, is rendering one-factor authentication outdated. This threatens the security of online operations for enterprises and end users, and consequently affects cloud computing solutions. Although cloud computing provides appealing benefits in terms of costs reduction, while increasing productivity, it introduces uncharted security issues (e.g., see [1]) beyond the ones inherited from the Internet. The emergence of mobile computing also makes authentication a priority, and has been reinforcing the need to build stronger and more resilient mechanisms; and simultaneously providing the means to develop new authentication mechanisms, namely Multi-Factor Authentication (MFA) schemes. The convergence to Single Sign-On (SSO) models is being used to eliminate or decrease password management complexity. MFA mostly appears in the form of Two-Factor Authentication (2FA) mechanisms based on One-Time Passwords (OTPs) for the second factor after standard password authentication. Such mechanisms can be based on public-key cryptography and may resort to several technologies to improve user experience, namely Quick Response (QR) codes, Short Message Service (SMSes), Trusted Platform Modules (TPMs), or even contactless Near Field Communication (NFC). Another trend leans to the adoption of risk-based authentication. Efforts for securing authentication are mainly being undertaken by the Initiative for Open AuTHentication (OATH) and the Fast IDentity Online (FIDO) alliance.

A Quick Perspective on the Current State in Cybersecurity

Nowadays, cybersecurity makes headlines across the media and in companies, blogs, social networks, among other places. The Internet is a wild cyberspace, an arena for commercialization, consumerism, business, and leisure, to name a few activities. Networks, populations, and nations around the world, now interconnected through the Internet, rely on it for their daily lives. But some Internet users have learned to take advantage of vulnerable systems and of Internet technologies for their own good, sending out spam, phishing, data breaches, botnets, and other threats. An underground criminal network has emerged, creating complex malware kits for several purposes. “Hacktivism” has become a popular term with many supporters worldwide, but cyberwarfare is now on the rise, gaining more and more attention from nation-states. This chapter provides a quick overview of these topics, discussing them in a timely manner, referencing key events from the past while focusing on the present day.

Security Challenges of the Internet of Things

The Internet of Things (IoT) is an environment in which ordinary and complex consumer products, buildings, bridges, animals or even people, etc. are embedded with sensors, equipped with a variety of communication technologies and given unique identifiers that can enable them connect to the Internet. This allows them to talk to each other, collect data and transfer data over the Internet. IoT has the potential to enhance the way we do things by increasing productivity and efficiency. It also has the prospects of delivering significant business benefits. Nonetheless, implementing secure communication in the IoT and integrating security mechanisms into some of its devices have been a major impediment to its progress, resulting in many privacy concerns. Although IoT is a hybrid network of the Internet, many security solutions for the Internet cannot be directly used on the resource-constrained devices of the IoT, hence the need for new security solutions. In this chapter, we discuss the security challenges of the IoT. First, we discuss some basic concepts of security and security requirements in the context of IoT. We then consider fundamental security issues in the IoT and thereafter highlight the security issues that need immediate attention.

Randomness in Virtual Machines

Virtualization technology provided cloud computing with the means to rapidly disseminate throughout the industry and achieve the utility computing long-envisioned era. Efforts on this research area have been focused on assuring isolation between co-resident virtual machines to avoid escaping the sandbox, but less attention has been given to the implications virtualization may pose to the efficiency and quality of random number generation on guests. On Linux distributions, the good provisioning of entropy gathered by the kernel is crucial for the functioning of its random number generator. However, entropy sources may be scarce on virtual machines due to the abstraction implied by the virtualization layer. As a consequence, both the generation speed and the quality of random numbers might drop when compared to hosts. This paper looks into this issue and analyzes the outputs of the /dev/random interface of the Linux kernel on virtual machines. With a well-know statistical library it is shown that the outputs are of high quality and are independently generated, even though they are produced on a slower basis.

Applications of artificial immune systems to computer security: A survey

For the last two decades, artificial immune systems have been studied in various fields of knowledge. They were shown to be particularly effective tools at detecting anomalous behavior in the security domain of computer systems. This article introduces the principles of artificial immune systems and surveys several works applying such systems to computer security problems. The works herein discussed are summarized and open issues are pointed out afterwards, elaborating on a novel applicability of these systems to cloud computing environments.

Applications of Trusted Computing in Cloud Context

Trusted computing is a technology that enables computer systems to behave in a given expected way. Achieving that goal happens by arming an isolated piece of hardware with embedded processing, cryptographic capabilities such as encryption key that is kept safe from software layer attacks. The mentioned module is accessible to the rest of the computer system via a well-defined and tested application programming interface. Trusted computing protects the system against external attackers and even against the owner of the system. Cloud computing enables users to have access to vast amounts of computational resources remotely, in a seamless and ubiquitous manner. However, in some cloud deployment models, such as public cloud computing, the users have very little control over how their own data is remotely handled and are not able to assure that their data is securely processed and stored. Cloud administrators and other parties can be considered threats in such cases. Given the ground that cloud has been gaining and the rate at which data is generated, transmitted, processed, and stored remotely, it is vital to protect it using means that address the ubiquitous nature of the cloud, including trusted computing. This chapter investigates applications of trusted computing in cloud computing areas where security threats exist, namely in live virtual machine migration.

Fractal Beauty in Text

This paper assesses if text possesses fractal properties, namely if several attributes that characterize sentences are self-similar. In order to do that, seven corpora were analyzed using several statistical tools, so as to determine if the empirical sequences for the attributes were Gaussian and self-similar. The Kolmogorov-Smirnov goodness-of-fit test and two Hurst parameter estimators were employed. The results show that there is a fractal beauty in the text produced by humans and suggest that its quality is directly proportional to the self-similarity degree.

On the self-similarity of traffic generated by network traffic simulators

There are currently several applications and frameworks to simulate networks, network equipment, applications, services and protocols. These tools play an important role not only in the research and development of new solutions on the computer networking area, but also on other areas of knowledge, because they enable researchers to abstract from the underlying network complexity by providing a prepackaged set of simulation primitives in a concise and useful manner. These tools implement several models and network protocols, some of them being able to produce realistic network traffic, apart from simulating the behavior of the protocols or applications. It is well known that real network traffic in aggregation points like routers should exhibit the self-similarity property for the amount of information per time unit, which reflects the burstiness of the traffic and affects the functioning of the devices and protocols. It is thus important to assess if network simulators generate this property. This chapter presents a study to assess if self-similarity is indeed embedded in traffic produced by popular network simulators, namely NS3 and OMNeT++, and discusses the values for the Hurst parameter obtained using different estimators and for the autocorrelation structure under various network scenarios.