ISSN: 2182-2069 (printed) / ISSN: 2182-2077 (online)
A Comprehensive Study on the Dimensions of IaaS Security
In this paper we conduct a systematic exploration of the security considerations of Infrastructure-as-a-Service (IaaS) cloud deployments. These deployments are very common in the landscape of Research and Education as well as the corporate world. The aim of this work is to provide an exhaustive list of concerns that can help both researchers and deployers of such systems. The organizing principle of our study is the architecture of the typical IaaS cloud. Here we identify three major layers: physical infrastructure, cloud middleware and virtual infrastructure. We also consider an auxiliary element, the operations centre. In the physical layer we explore the questions of disaster recovery, and covert channel and side channel attacks, mostly exploiting hardware vulnerabilities. In the middleware we investigate the general cryptography of the IaaS as well as Trusted Computing. In the virtual layer, we present the most common issues in Virtual Machine handling, handling of updates and handling of malicious insiders. Regarding the operations centre we investigate the questions of monitoring, network management, the issues with the APIs and the user portal, with special attention to authorization and permission management. Running IaaS clouds in a secure way requires a large team comprised of people with various technical backgrounds. Based on our experience with running a national-level IaaS cloud, we found that most security researchers focus on one specific issue. We believe an important value of our contribution is the synthesis of all the relevant dimensions, with special attention to various, often overlooked aspects of the IaaS deployment.