Security of Cloud Computing, Storage, and Networking

Mohamed Hamdi
School of Communication Engineering, Technopark El Ghazala, 2083 Tunisia
Email: mmh@supcom.rnu.tn

Abstract—Convergence and ubiquity are the key characteristics of tomorrow's service provision infrastructures. Cloud architectures will constitute cost-efficient backbones that will support the transmission, storage, and computing of the applications' contents. These architectures can be used for business, scientific, and pervasive computing purposes. The diversity of the services delivered through cloud infrastructures increases their vulnerability to security incidents and attacks. The cost and complexity reduction requirements render the design and development of protection mechanisms even more challenging. In addition, key design features such as confidentiality, privacy, authentication, anonymity, survivability, dependability, and fault-tolerance are, to some extent, conflicting. The objective of this tutorial is to present the state of the art in security and explore research directions and technology trends to address the protection of cloud communications and networking infrastructures. An emphasis will be placed on the collaboration of mobile devices in cloud-based infrastructures. The fundamental concepts of cloud computing security will be explored, including cloud security services, cloud security principles, cloud security requirements, and testing techniques.

Keywords: Cloud computing security; risk analysis; distributed attacks and threats; software and data isolation.

I. INTRODUCTION

Cloud computing is clearly one of today's most enticing technology areas due, at least in part, to its cost-efficiency and flexibility. This technology holds the potential to eliminate the need to set up excessively expensive computing infrastructure for the IT-based solutions and services that the industry uses.
It promises to provide a flexible IT architecture, accessible through the Internet from lightweight portable devices. This would allow a many-fold increase in the capacity or capabilities of existing and new software. However, despite the surge in activity and interest, there are significant, persistent concerns about cloud computing that are impeding momentum and will eventually compromise the vision of cloud computing as a new IT procurement model.

When thinking about solutions to the cloud computing adoption problem, it is important to realize that many of the issues are essentially old problems in a new setting, although they may be more acute. For example, corporate partnerships and offshore outsourcing involve similar trust and regulatory issues. Similarly, open source software enables IT departments to quickly build and deploy applications, but at the cost of control and governance. Moreover, virtual machine attacks and Web service vulnerabilities existed long before cloud computing became fashionable.

In a cloud computing environment, all of the data resides on a set of networked resources, enabling the data to be accessed through virtual machines. Since these datacenters may lie in any corner of the world beyond the reach and control of users, there are multifarious security and privacy challenges that need to be understood and taken care of. Also, one can never rule out the possibility of a server breakdown, which has been witnessed quite often in recent times. Various issues need to be dealt with regarding security and privacy in a cloud computing scenario.

In this chapter, the fundamental concepts of cloud computing security will be explored, including cloud security services, cloud security principles, cloud security requirements, and testing techniques.
The purpose of the chapter is to convey to the reader the ability to:

• Understand security management challenges and opportunities in cloud environments
• Examine cloud computing risk, threats, and vulnerabilities
• Specify, validate, and implement preventive and reactive security policies in a virtual environment
• Develop business continuity and disaster recovery plans for cloud computing
• Conduct security investigation missions to analyze attacks against cloud computing

This chapter addresses various aspects related to the security of cloud computing. The following items give an overview of the most important issues that will be discussed in the following sections:

Overview on cloud infrastructures: Cloud infrastructures allow the delivery of computing, storage, and networking as services rather than products. This section provides an overview of the cloud delivery and deployment models. The terminology introduced by the US National Institute of Standards and Technology (NIST) will be used. Three models will be covered in this context: (a) Software as a Service (SaaS), (b) Platform as a Service (PaaS), and (c) Infrastructure as a Service (IaaS). The major benefits brought by cloud computing, including flexibility and resiliency, cost-effectiveness, data-centric storage, and scalability, will be highlighted.

Risk and threat analysis in cloud computing: This section gives a detailed technical analysis of some attacks that have been recently conducted against cloud infrastructures. To give the discussion a practical flavor for the attendee, a study of the attacks that have targeted cloud infrastructures (study of recent cases: Yahoo, SONY, ) will be presented. These attacks have been selected from concrete cases cited by the CSI/FBI crime and security survey and the

978-1-4673-1382-7/12/$31.00 ©2012 IEEE