Three Misuse Patterns for Cloud Computing

Keiko Hashizume (Florida Atlantic University, USA), Nobukazu Yoshioka (National Institute of Informatics, Japan) and Eduardo B. Fernandez (Florida Atlantic University, USA)
Copyright: © 2013 | Pages: 18
DOI: 10.4018/978-1-4666-2125-1.ch003

Abstract

Cloud computing is a new computing model that allows providers to deliver services on demand by means of virtualization. One of the main concerns in cloud computing is security. In particular, the authors describe some attacks in the form of misuse patterns, where a misuse pattern describes how an attack is performed from the point of view of the attacker. Specifically, they describe three misuse patterns: Resource Usage Monitoring Inference, Malicious Virtual Machine Creation, and Malicious Virtual Machine Migration Process.

Introduction

The Internet has been developing quickly during the last decade. The cost of storage is increasing as well as the cost of the power consumed by the hardware (Zhang, Zhang, Chen, & Huo, 2010). Thus, organizations need new solutions. Cloud computing is a new paradigm that improves the utilization of resources and decreases the power consumption of hardware. Cloud computing allows users to have access to resources, software, and information using any device that has access to the Internet. The users consume these resources and pay only for the resources they use.

Virtualization is a key feature for cloud computing (Gurav & Shaikh, 2010), which offers a potentially secure, reliable, scalable, shared, and manageable environment. Virtualization allows many virtual machines to run on a single physical machine. Virtual machines are created and supervised by the Virtual Machine Monitor, a software layer that mediates between the software and the hardware. Virtualization permits users to create, copy, share, migrate, and roll back virtual machines, which creates tremendous benefits for users (Garfinkel & Rosenblum, 2005). However, it also comes with new security problems. Cloud providers must undertake a substantial effort to secure their systems in order to minimize the threats that result from communication, monitoring, modification, migration, mobility and denial of service. In this work, we examine how virtualization gives rise to some security issues.

In order to design a secure system, we first need to understand possible threats to our system. Several methods have been developed to identify threats, e.g. (Braz, Fernandez, & VanHilst, 2008). Once identified, we need to describe how these threats are realized to accomplish a misuse according to the goals of the attacker. A misuse pattern describes how a misuse is performed from the point of view of the attacker (E. B. Fernandez, Yoshioka, & Washizaki, 2009). It defines the environment where the attack is performed and the countermeasures to stop it, and it provides forensic information in order to trace the attack once it happens. Misuse patterns are useful for developers because once they determine that a possible attack can happen in the environment, a corresponding misuse pattern will indicate what security mechanisms are needed as countermeasures. Also, misuse patterns can be very useful for forensic examiners to determine how an attack is performed, and where they can find useful evidence after the attack is done. An important value of misuse patterns is that they describe the components of the system where the attack is performed using class diagrams and sequence diagrams, relating the attack to specific system units.

We present in this work three examples of misuse patterns that describe some threats found in cloud computing environments. One of the vulnerabilities that is inherent in cloud computing is the co-location of virtual machines, where an attacker’s virtual machine tries to reside on the same server as the victim’s virtual machine for purposes of misuse, such as information inference based on resource usage (leakage of information). Moreover, sharing virtual machine images is one of the new threats that cloud computing is facing. Virtual machine images are prepackaged software templates that are used to instantiate virtual machines. Thus, these images have a significant effect on the overall security of the cloud (Wei, Zhang, Ammons, Bala, & Ning, 2009). Cloud providers offer a repository service where providers and users can store their images. Users can either create their own image, or they can use any image stored in the repository. An attacker who creates a valid account can create an image containing malicious code such as a Trojan horse. If another customer uses this image, the virtual machine that he creates will be infected with the hidden malware, which can then perform a variety of misuses. Furthermore, the contents of virtual machines such as the kernel, applications, and data being used by these applications can be compromised during live migration.

Section 2 presents background information. In Section 3, we present three misuse patterns for cloud computing including Resource Usage Monitoring Inference, Malicious Virtual Machine Creation, and Malicious Virtual Machine Migration Process. In Section 4, we present some discussion, and in Section 5 we offer some conclusions and possible future work.
