With the rapid development of the Internet, new technologies such as cloud computing, SDN, and blockchain have become increasingly familiar and widely accepted. Among them, cloud computing solutions are adopted by more and more enterprises because of their high scalability, low cost, and convenient operation and maintenance. As cloud computing has spread across the Internet, the underground black industry chain has developed and matured along with it. The technical reliability of cloud computing providers and the security of cloud computing services have therefore become the focus of many cloud providers and corporate IT managers.
According to the CSA (Cloud Security Alliance) report "The Treacherous 12 – Cloud Computing Top Threats in 2016" [1], twelve security issues, including data breaches, stolen credentials, and insufficient identity verification, have become the most critical threats facing cloud computing services. This article analyzes and summarizes the security issues currently facing the cloud computing environment.
Cloud computing security threat analysis
Traditional threats cannot be ignored
Although cloud computing provides users with a new type of computing, network, and storage environment, the services provided by systems and applications, and the traditional ways of deploying them, have not changed fundamentally. On a cloud computing platform, threats such as weak authentication and authorization, logic attacks, client-side attacks, command execution, and information leakage still cannot be ignored; cloud computing vendors and enterprise IT managers need to pay enough attention to them and strengthen their defenses in time.
New challenges on the cloud
Compared with traditional server architecture, cloud computing introduces concepts such as virtualization and multi-tenancy, which to a certain extent bring new risk points to information systems.
Virtualization security threats
Virtualization is currently one of the technologies most widely used by cloud computing providers. Server, storage, and network virtualization provide the basic technical support for cloud computing services and address the problems of resource utilization and automatic scaling of resource provision. Server virtualization allows a single physical server to be split into multiple virtual servers, greatly improving the utilization of limited computing resources. While virtualization provides convenience, it also brings many security risks, such as vulnerabilities in the virtualization layer itself and the traffic exchange between virtual machines.
Vulnerability risk in the virtualization layer itself
Virtualization vulnerabilities are currently widespread in mainstream virtualization technologies (KVM, Xen, VMware, etc.). The hypervisor (virtualization management software) is the layer beneath the virtual machines; once it has a vulnerability, every virtual machine running on it is endangered, and even the security of the host itself is affected. Attackers mainly exploit virtualization vulnerabilities in three ways:
Crashing the host, so that all virtual machines on it crash and business is interrupted;
Virtual machine escape: after gaining control of the host, using the host to penetrate the cloud computing platform;
Using control of the host to obtain sensitive information from other virtual machines on the same host.
At the same time, a cloud computing environment contains a variety of virtualization management components, such as virtual machine monitors, network policy controllers, and storage controllers. These are the core components that let multiple tenants share hardware while keeping their services and data isolated; once vulnerabilities in this virtualization management software are exploited by malicious actors, tenant security can no longer be effectively guaranteed.
Security risks of virtual machine traffic exchange
In a virtualized environment, there may be Layer 2 traffic exchange between virtual machines on a single physical server, and this traffic is invisible to the administrator. The administrator therefore needs to determine whether access between the virtual machines conforms to a predetermined security policy, or to consider how to set a policy that achieves access control over the traffic between virtual machines.
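The policy check the administrator needs here, written as an added example (not code from the original article): it evaluates constructed flow records from one host's virtual switch against a default-deny allowlist and flags cross-tenant flows separately. The flow line format, VM names, tenant inventory and policy are all assumptions.

```python
"""Check east-west (VM-to-VM) flows on one host against an allowlist policy.

Assumptions (not from the article): the virtual switch exports one line per
connection attempt as "src_vm dst_vm proto dport bytes", and the administrator
keeps a default-deny allowlist of permitted intra-host services.
"""
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport nbytes")

# Constructed sample export from the virtual switch of one physical host.
SAMPLE_FLOWS = """\
web-01 db-01 tcp 3306 48212
web-01 db-01 tcp 22 1820
app-02 web-01 tcp 8080 9031
tenantB-vm1 db-01 tcp 3306 512
"""

# Hypothetical inventory: which tenant owns each VM on this host.
VM_TENANT = {"web-01": "A", "app-02": "A", "db-01": "A", "tenantB-vm1": "B"}

# Default-deny allowlist: only these VM-to-VM services are permitted.
POLICY = {
    ("web-01", "db-01", "tcp", 3306),
    ("app-02", "web-01", "tcp", 8080),
}

def parse_flows(text):
    """Parse exported flow lines into Flow records."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            src, dst, proto, dport, nbytes = line.split()
            flows.append(Flow(src, dst, proto, int(dport), int(nbytes)))
    return flows

def check_flows(flows, policy, vm_tenant):
    """Return (flow, reason) for each flow the allowlist does not cover;
    cross-tenant flows are flagged separately as an isolation breach."""
    findings = []
    for f in flows:
        if (f.src, f.dst, f.proto, f.dport) in policy:
            continue
        if vm_tenant.get(f.src) != vm_tenant.get(f.dst):
            findings.append((f, "cross-tenant traffic on shared host"))
        else:
            findings.append((f, "service not in allowlist"))
    return findings
```

The same evaluator can be fed the flow export of a real virtual switch once its line format is mapped onto the Flow fields.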
Multi-tenant security threats
The multi-tenant architecture in cloud computing (Multi-Tenancy Technology) improves resource utilization by sharing systems or computing resources, and cloud computing providers charge tenants based on their usage of the shared resources. Multi-tenant architecture combined with virtualization technology forms the foundation of cloud computing.
In a multi-tenant cloud computing environment, the openness of the platform means there are many tenants on it, and the presence of tenants with malicious intent cannot be ruled out. There may also be competing interests among tenants, which makes abuse of cloud computing resources and attacks between tenants possible, and traditional security protection measures are stretched thin when dealing with these security challenges from within the cloud environment.
Cloud service abuse
Because cloud computing services are cheap to rent, tenants can easily obtain the computing, network, and storage resources offered by cloud computing providers. At present, service abuse caused by a lack of strict control by providers is not uncommon. If the provider does not review the user's purpose, the resources are likely to be used by attackers to crack keys, launch distributed denial of service (DDoS) attacks, send spam and phishing emails, host malicious content, and so on.
Tenants are not effectively isolated
At present, for multi-tenant isolation, the major cloud computing vendors all offer complete VPC (Virtual Private Cloud) multi-tenant virtualized network solutions. At the beginning of 2017, an issue with Alibaba Cloud's multi-tenant isolation caused intense discussion on the Internet [3]. Although current VPC solutions are relatively complete, it cannot be ruled out that attackers will find exploitable vulnerabilities as cloud computing technology develops and use them to cross the tenant isolation implemented through VPC. If tenants are not effectively isolated, attacks between tenants will greatly affect the user experience of cloud computing services and greatly increase the likelihood of information system penetration.
Data residue
In the cloud environment, the storage medium is owned by the cloud computing provider, and tenants cannot manipulate it directly. When a tenant withdraws from cloud computing services, the provider shall comply with the "Remaining Information Protection" requirement in the "Network Security Level Protection Basic Requirements: Cloud Computing Security Extension Requirements": it shall ensure that the memory and storage space used by a virtual machine are completely cleared when reclaimed. Cloud computing providers should completely delete tenant data, including backup data and data generated during operation.
At present, domestic cloud computing providers still lack effective review mechanisms and tools to verify that the "remaining information protection" requirement has actually been implemented. After tenants leave the platform, their data may still remain on the storage devices of the cloud computing platform.
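One form the missing verification tool could take, added here as an example (not code from the article or from any provider): it scans a reclaimed volume for runs of non-zero bytes, reports where residual data survived, and zeroes the volume with a read-back check. It assumes the reclaimed volume is reachable as a file or block device; the sample volume is constructed.

```python
"""Audit a reclaimed tenant volume for residual data, then sanitize it.

Assumptions (not from the article): the reclaimed volume is exposed to the
audit tool as a readable/writable file or block device, and "cleared" means
every byte reads back as zero.
"""
import io

CHUNK = 1 << 20  # 1 MiB read window

def find_residue(fp, chunk=CHUNK):
    """Return the (offset, length) runs of non-zero bytes found in fp."""
    fp.seek(0)
    runs, offset, start = [], 0, None
    while True:
        buf = fp.read(chunk)
        if not buf:
            break
        if buf.count(0) == len(buf):  # fast path: whole chunk is zero
            if start is not None:
                runs.append((start, offset - start))
                start = None
        else:
            for i, b in enumerate(buf):
                if b and start is None:
                    start = offset + i
                elif not b and start is not None:
                    runs.append((start, offset + i - start))
                    start = None
        offset += len(buf)
    if start is not None:  # non-zero run extends to the end of the volume
        runs.append((start, offset - start))
    return runs

def sanitize(fp, size, chunk=CHUNK):
    """Zero `size` bytes, then read back to verify; True if nothing remains."""
    fp.seek(0)
    remaining = size
    while remaining:
        n = min(chunk, remaining)
        fp.write(b"\0" * n)
        remaining -= n
    fp.flush()
    return find_residue(fp, chunk) == []

def make_sample_volume():
    """Constructed 4 KiB volume in which a tenant secret survived reclaim."""
    data = bytearray(4096)
    data[1024:1040] = b"tenant-db-secret"
    return io.BytesIO(bytes(data))
```

On thin-provisioned or flash-backed storage an overwrite through the file or block interface may not reach every physical block, so the read-back only proves what that interface can see. Backups and copies made during operation need the same check separately.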
Summary
From the above analysis of cloud computing security threats, it is not difficult to see that the security situation in the cloud computing environment is very severe. Attackers can attack and penetrate from the cloud computing platform itself, from the resources rented by tenants, and from other directions. Whether in a public or private cloud environment, users must choose a suitable cloud computing provider and put reasonable security protections in place for both the cloud platform and the business systems running on it.
In a public cloud environment, tenants can apply traditional security protection to each of their virtual machines by selecting the security modules the cloud computing provider has integrated into the platform.
In a private cloud environment, corporate IT managers can protect the private cloud platform by purchasing cloud security platforms from professional information security vendors.