SAN DIEGO - The issue of the security of a company's data when communicating over a cloud was a major topic addressed in a number of papers presented at the HotCloud '09 workshop held at the recent USENIX conference. A paper entitled "Private Virtual Infrastructure for Cloud Computing", presented by F. John Krautheim from the University of Maryland, Baltimore County, presented an approach that proposed what the author calls a Private Virtual Infrastructure.
The privacy and security issues that concern enterprises, schools and organizations wanting to take advantage of cloud computing were addressed in other papers given at the workshop, a few of which are further discussed here (CloudNet and Trusted Cloud Computing).
The approach presented by Krautheim implements what he calls a Private Virtual Infrastructure (PVI). A PVI is described as a "virtual datacenter [sic] over the existing cloud infrastructure." The data center is "under the control of the information owner" the paper says, while the fabric is under the control of the operator (of the cloud service).
Both the client and the service provider are required to share certain types of security information, and service level agreements (SLAs) can further define the roles and responsibilities of all parties in the agreement. The paper proposed that every service in the cloud must be able to report security properties, and that the properties must be cryptographically bound and signed.
Five basic tenets are described as essential to cloud security:
- A trusted foundation on which to build a PVI must exist.
- A 'secure factory' must be provided to provision the PVI. This 'factory' will also serve as a policy decision point and root authority for PVI.
- A measurement mechanism should be provided to validate the security of the fabric before provisioning the PVI. Krautheim refers to this as a secure factory.
- A measurement mechanism to validate the security of the fabric should be in place before provisioning PVI.
- Secure methods for shutdown and destruction of virtual devices in a PVI should be in place to prevent object reuse attacks.
- The PVI should be continuously be monitored both from within and from out side of the PVI, using intrusion detection and other devices.
The paper goes into detail regarding each of the five tenets listed above. Krautheim argues that service providers who offer a transparent view of their infrastructures so that customers can understand the vendor's security posture will have a competitive advantage over vendors who obscure their security structure's inner workings.
"In the end, cooperation between vendor and customer will result in increased security while lowering the overall cost of ownership for IT infrastructure," the paper concludes.