Data sent to the cloud are not stored in a single cloud storage server. They are replicated across cloud data centers in different places worldwide. These data centers are controlled and maintained by different experts from the Cloud Service Providers (CSPs).
Cloud confidentiality is the assurance that sensitive information is not disclosed to unauthorized persons, processes, or devices, i.e., customers’ data and computation tasks are to be kept confidential from both the cloud provider and other customers.
Confidentiality therefore remains one of the greatest concerns in cloud computing. This is largely because customers outsource their data and computation tasks to cloud servers controlled and managed by potentially untrustworthy cloud providers.
Whenever an individual customer, a business, a government agency, or another entity uploads data to the cloud, privacy and confidentiality questions may arise. Users expect that cloud providers will protect their data from unauthorized access and that sensitive data will remain private. They also expect that third parties, like governments, will not monitor their activity.
Now, let’s consider this: every CSP has a software layer, a platform layer, and an infrastructure layer. When users use a cloud application from a CSP, they are forced to use the platform and infrastructure provided by the same CSP. Hence the CSP knows where the users’ data are located and has full access privileges. Similarly, the users are forced to use the interfaces provided by the CSP, and users’ data have to be in a fixed format specified by the CSP. Hence, the CSP knows all the information required for understanding the data. This can easily compromise the confidentiality of data stored in the cloud.
Hence, it must be ensured that the users’ confidential data, which they do not want CSPs to access, are not disclosed to CSPs anywhere in the cloud computing systems, including platforms, applications, CPU, and physical memories.
Threats
The cloud is made up of three layers: software, platform, and infrastructure. The software layer offers user interfaces to access the cloud-based applications that CSPs are running. The platform layer offers the operating environment needed for the software to run while utilizing system resources. The infrastructure layer provides the hardware resources for networks, storage, and computing. The following are some of the key threats and weaknesses related to data confidentiality.
- Cross-Virtual Machine (VM) attack via Side Channels – A Cross-VM attack exploits the nature of multi-tenancy, in which VMs belonging to different customers may co-reside on the same physical machine. Timing side channels are an insidious threat to cloud computing security because a) the timing channels pervasively exist and are hard to control due to the nature of massive parallelism and shared infrastructure; b) malicious customers can steal information from other customers without leaving a trail or raising alarms.
- Malicious sysadmin – The Cross-VM attack shows how other customers co-residing with the victim may violate the confidentiality of cloud customers. However, it is not the only threat. A privileged sysadmin of the cloud provider can perform attacks by accessing the memory of a customer’s VMs.
Defense strategies
- Placement Prevention – To reduce the risk caused by shared infrastructure, a few suggestions are given to defend against the attack in each step. For instance, cloud providers may obfuscate co-residence by having Dom0 not respond in traceroute and/or by randomly assigning internal IP addresses to launched VMs. To reduce placement success rate, cloud providers might let users decide where to put their VMs; however, this method does not prevent a brute-force strategy.
- NoHype – It attempts to minimize the degree of shared infrastructure by removing the hypervisor while retaining the key features of virtualization. The NoHype architecture provides a few features: i) the one-core-per-VM feature prevents interference between VMs, eliminates side channels, and retains multi-tenancy since each chip has multiple cores; ii) memory partitioning restricts each VM’s memory access to an assigned range; iii) dedicated virtual I/O devices enable each VM to be granted direct access to a dedicated virtual I/O device. NoHype significantly reduces the hypervisor attack surface and increases the level of VM isolation.
- A trusted cloud computing platform (TCCP) offers a closed-box execution environment for IaaS services. TCCP guarantees the confidential execution of guest virtual machines. It also enables customers to attest to the IaaS provider and to determine if the service is secure before their VMs are launched into the cloud. The design goals of TCCP are 1) to confine the VM execution inside the secure perimeter; 2) to ensure that a sysadmin with root privileges cannot access the memory of a VM hosted in a physical node.
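
The three NoHype properties listed above (one core per VM, partitioned memory, dedicated virtual I/O devices) can be expressed as invariants over a host's allocation table and checked pairwise. The following is an added example, not code from NoHype or from the original page; the `VMAlloc` record format, its field names, and the sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class VMAlloc:
    """One VM's resources on a host (hypothetical record format)."""
    name: str
    cores: frozenset       # physical core ids pinned to this VM
    mem_start: int         # first physical frame of the assigned range
    mem_end: int           # one past the last frame (half-open range)
    io_devices: frozenset  # virtual I/O device ids granted to this VM


def isolation_violations(allocs):
    """Return (kind, vm_a, vm_b, detail) for every pair of VMs sharing a resource."""
    found = []
    for a, b in combinations(sorted(allocs, key=lambda v: v.name), 2):
        shared_cores = a.cores & b.cores
        if shared_cores:  # breaks "one core per VM"
            found.append(("shared-core", a.name, b.name, sorted(shared_cores)))
        # Half-open ranges overlap when each starts before the other ends.
        lo, hi = max(a.mem_start, b.mem_start), min(a.mem_end, b.mem_end)
        if lo < hi:       # breaks the memory partition
            found.append(("memory-overlap", a.name, b.name, [lo, hi]))
        shared_io = a.io_devices & b.io_devices
        if shared_io:     # breaks "dedicated virtual I/O device"
            found.append(("shared-io", a.name, b.name, sorted(shared_io)))
    return found


def malformed(allocs):
    """VMs with no core or an empty/inverted memory range cannot be checked."""
    return [v.name for v in allocs if not v.cores or v.mem_start >= v.mem_end]


# Constructed sample: vm-c reuses core 2 and overlaps vm-b's memory range.
SAMPLE = [
    VMAlloc("vm-a", frozenset({0}), 0x0000, 0x4000, frozenset({"vf0"})),
    VMAlloc("vm-b", frozenset({1, 2}), 0x4000, 0x8000, frozenset({"vf1"})),
    VMAlloc("vm-c", frozenset({2}), 0x7000, 0xA000, frozenset({"vf2"})),
]

if __name__ == "__main__":
    for kind, a, b, detail in isolation_violations(SAMPLE):
        print(f"{kind}: {a} <-> {b} {detail}")
    print("malformed:", malformed(SAMPLE))
```

Adjacent ranges such as vm-a and vm-b (one ends at 0x4000, the next starts there) are not reported, because the ranges are treated as half-open.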