The State of Public Infrastructure-as-a-Service Cloud Security


Most of the people Infrastructure-as-a-Service (IaaS) cloud enterprise has reached a essential mass to this point few years,
with many cloud service suppliers fielding competing suppliers. Whatever the rivals, we uncover among the many
security mechanisms provided by the suppliers to be comparable, indicating that the cloud enterprise has established
fairly a number of “best-practices,” whereas totally different security mechanisms fluctuate broadly, indicating that there’s moreover
nonetheless room for innovation and experimentation. We study these variations and attainable underlying
causes for it. We moreover distinction the protection mechanisms provided by public IaaS cloud decisions and with
security mechanisms proposed by academia over the similar interval. Lastly, we speculate on how enterprise and
academia may work collectively to unravel the pressing issues of safety in public IaaS clouds going forward.
CCS Concepts: Security and privateness→Virtualization and security; Distributed strategies security; Networks→Cloud computing
Additional Key Phrases and Phrases: Public Infrastructure-as-a-Service Cloud
ACM Reference Format:
Wei Huang, Afshar Ganjali, Beom Heyn Kim, Sukwon Oh, and David Lie. 2015. The state of public

Cloud computing has expert numerous curiosity in every academia and enterprise
currently. With an estimated enterprise measurement of $131B,1 there could also be little doubt that it
is every a worthwhile know-how and enterprise model. By combining utilized sciences resembling
virtualization, internet APIs, and fast networks, cloud know-how permits the provisioning
and rental of compute infrastructure over the Net. Equally, by offering enterprise
advantages resembling elasticity, the ability to defer capital expenditures, and the ability to
outsource IT administration costs, cloud firms current many patrons a priceless
Cloud computing suppliers could be broadly categorised into three lessons based on
the extent of abstraction of computing property they provide. On the best diploma are
Software program program-as-a-Service (SaaS) clouds, which provide full software program program functions;
Platform-as-a-Service (PaaS) clouds, which provide language runtimes and help
libraries; and, lastly, Infrastructure-as-a-Service (IaaS) clouds, which provide genericcomputing infrastructure property resembling digital machines and key-value object
storage. Cloud computing infrastructure could be public, that implies that it’s shared amongst
various, mutually distrustful tenants, or it could be private, that implies that each property
are reserved for one tenant solely. Public clouds serve a quite a bit greater market
and thus are usually obtainable at a lower value. Nonetheless, the multitenant nature of
public clouds signifies that they face many additional security challenges than private clouds
On this text, we take care of the protection of public IaaS clouds. Inherent to using the
cloud is the duty of perception, by the patron, to the Cloud Service Provider (CSP)
to honestly and appropriately current suppliers. In addition to, since public cloud prospects
are mutually distrustful, prospects moreover perception the CSP to protect their data from totally different
CSP prospects. This shift in perception and accountability leads to the two new threats that
cloud prospects face: threats from a malicious CSP and threats from totally different prospects
of their CSP. These security threats could be directed at any of the three typical
security properties—confidentiality, integrity, and availability—of the patron’s data.
In addition to, cloud computing moreover supplies a model new, fourth property, which is the protection
of the contractual relationship between the patron and the CSP. As an example, the
contract between the CSP and purchaser might specify certain properties of the service,
resembling constraints on the state of affairs the place the data must be saved or ensures of a
certain diploma of effectivity. A compromise of contractual security would occur if the
CSP offers a lower diploma of service than the patron paid for or if the patron had been
able to steal additional service than was paid for.
So far, fairly a number of surveys on cloud computing security have been printed
throughout the literature [Armbrust et al. 2010; Chen et al. 2010b; Cloud Security Alliance
2011; Takabi et al. 2010; Barker et al. 2014]. Nonetheless, the cloud computing enterprise
has very simply currently reached a essential mass, with many CSPs introducing public
IaaS suppliers in solely the last few years. As an example, HP’s public cloud merely reached
regular availability on the end of 2012, Google’s Compute Engine turned usually
obtainable within the summertime of 2013, whereas Verizon’s public cloud completed its beta half
in late 2014. Of the CSPs listed throughout the Gartner’s analysis of the IaaS enterprise [Gartner
2013], all have solely been usually obtainable for decrease than 5 years, with six changing into a member of in
solely the ultimate three years (as confirmed in Desk II). However, whatever the fierce enterprise rivals,
we uncover many commonalities among the many many security properties of the CSP decisions,
which signifies that the enterprise is on its choice to establishing a set of necessities
or “best-practices” that define what security properties a public IaaS service should
The precept purpose of this survey is to find out these IaaS enterprise best-practices and
consider them with the evaluation contributions from academia from the similar interval of
time when this enterprise essential mass arose. Significantly, we set the following aims for
this survey:
(1) Set up the protection mechanisms used throughout the IaaS enterprise and decide circumstances
the place the enterprise has come to a consensus on best-practice choices.
(2) Set up the IaaS issues of safety described by academia and the mechanisms
proposed to unravel these points.
(three) Understand how enterprise best-practices might have an effect on proposed academic choices
and the way in which academic evaluation might help enterprise extra arrange additional bestpractices.


Please enter your comment!
Please enter your name here