Chapter Two

1) The document discusses key concepts in cloud computing including virtualization mechanisms, cloud service models, and container technologies. 2) It also covers important cloud computing characteristics such as the various types of cloud services, delivery methods, and stakeholders. 3) Additionally, the document outlines some of the major security and privacy challenges in cloud computing including issues stemming from multi-tenancy, loss of control over data, and lack of guarantees around security in service level agreements.

Uploaded by

uthmannazir2627
CHAPTER TWO

LITERATURE REVIEW
2.1 INTRODUCTION
Cloud computing is revolutionizing many of our ecosystems, including healthcare.
Compared with earlier methods of processing data, cloud computing environments
provide significant benefits, such as the availability of automated tools to
assemble, connect, configure and reconfigure virtualized resources on demand.
These make it much easier to meet organizational goals as organizations can easily
deploy cloud services. However, the shift in paradigm that accompanies the
adoption of cloud computing is increasingly giving rise to security and privacy
considerations relating to facets of cloud computing such as multi-tenancy, trust,
loss of control and accountability. Consequently, cloud platforms that handle
sensitive information are required to deploy technical measures and organizational
safeguards to avoid data protection breakdowns that might result in enormous and
costly damages.
Sensitive information in the context of cloud computing encompasses data from a
wide range of different areas and disciplines. Data concerning health is a typical
example of the type of sensitive information handled in cloud computing
environments, and it is obvious that most individuals will want information related
to their health to be secure. Hence, with the proliferation of these new cloud
technologies in recent times, privacy and data protection requirements have been
evolving to protect individuals against surveillance and database disclosure. Some
examples of such protective legislation are the EU Data Protection Directive
(DPD) and the US Health Insurance Portability and Accountability Act (HIPAA),
both of which demand privacy preservation for handling personally identifiable
information.
2.2 KEY CONCEPTS AND TECHNOLOGIES
Over the past few years, major IT vendors (such as Amazon, Microsoft and
Google) have rented out virtual machines (VMs) through their clouds. These
clouds pool hardware resources and support live migration of VMs as well as
dynamic load balancing and on-demand provisioning. By renting VMs from a cloud,
the datacenter footprint of a modern enterprise can shrink from thousands of
physical servers to a few hundred (or even a few dozen) hosts. While using
cloud computing in this way is practical and cost effective, running workloads
on systems that are not provided in-house raises security issues. To examine
these issues and find appropriate solutions, several key concepts and
technologies that are widely used in cloud computing need to be understood:
virtualization mechanisms, the varieties of cloud services, and container
technologies.
2.2.1 Virtualization Mechanisms
A hypervisor, or virtual machine monitor (VMM), is the key component that sits
between VMs and the hardware and controls the virtualized resources. It makes
it possible to run several isolated virtual machines on the same physical host.
Hypervisors fall into two groups.
• Type I: the hypervisor runs directly on the physical hardware, with no
operating system (OS) beneath it. This is efficient because it eliminates
intermediary layers, and it keeps the trusted computing base small. Isolation
of guest VMs is enforced by the hypervisor: if a VM is compromised, the damage
is confined to that VM and does not reach the hypervisor or other guests, as
long as the hypervisor itself has no escape vulnerability. Hypervisor bugs
that let a guest escape do occur in practice, so the isolation is only as
strong as the hypervisor and the attack surface it exposes to guests (device
emulation, paravirtualized drivers, memory management).
• Type II: the hypervisor runs as a process on a host OS, which provides
virtualization services such as input/output (I/O) device support and memory
management. VM interactions such as I/O requests, network operations and
interrupts pass through the hypervisor and, beneath it, the host OS, so the
host OS becomes part of every guest's trusted computing base.

2.2.2 Cloud Computing Characteristics

When considering cloud computing, we need to be aware of the types of services
that are offered, the way those services are delivered to their users, and the
different kinds of people and organizations involved. Cloud computing delivers
software, platforms and infrastructure as services on pay-as-you-go models.
On-demand storage and computing power are offered through three service
models: Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and
Infrastructure-as-a-Service (IaaS). Over the past few years the "as-a-Service"
concept has been extended to a variety of domains, such as Business
Integration-as-a-Service, Cloud-Based Analytics-as-a-Service (CLAaaS) and
Data-as-a-Service (DaaS). The NIST service models are summarized in Table 1;
each of them can be delivered to consumers through any of NIST's four
deployment models: private cloud, community cloud, public cloud or hybrid
cloud.
Table 1: Categorization of Cloud Service Models and Features

Service Model | Function | Example
SaaS | Consumers use the provider's applications, which run on the provider's cloud infrastructure and are reached through a thin client or an API; the consumer manages neither the underlying infrastructure nor the application itself | Salesforce Customer Relationship Management (CRM)
PaaS | Consumers deploy their own applications, together with their dependencies, into a provider-managed runtime environment (often a container); the consumer controls the application and its configuration but not the underlying infrastructure | Google App Engine, Heroku
IaaS | The provider offers fundamental computing resources as a service: virtual machines, processing, storage, networks and related services such as databases; the consumer controls the guest OS, storage and deployed applications | Amazon Elastic Compute Cloud (EC2)

The NIST cloud computing reference architecture defines five major actors in
the cloud arena: cloud consumers, cloud providers, cloud carriers, cloud
auditors and cloud brokers. Each actor is an entity (a person or an
organization) that participates in a cloud computing transaction or process,
and/or performs cloud computing tasks.
• A cloud consumer is a person or organization that uses services from cloud
providers in the context of a business relationship.
• A cloud provider is an entity that makes cloud services available to
interested users.
• A cloud auditor conducts independent assessments of cloud services,
operations, performance and security in relation to the cloud deployment.
• A cloud broker manages the use, performance and delivery of cloud services,
and negotiates relationships between cloud providers and cloud consumers.
• A cloud carrier provides connectivity and transport of cloud services from
cloud providers to cloud consumers over physical networks.
The majority of cloud computing infrastructures consist of reliable services
delivered through data centers to achieve high availability through redundancy. A
data center or computer center is a facility used to house computer systems and
associated components, such as storage and network systems. It generally includes
redundant or backup power units, redundant network connections, air conditioning,
and fire safety controls.
2.2.3 Containers Technology
Containers run on the host's hardware and operating system kernel; rather than
a hypervisor, they use kernel facilities such as chroot, control groups
(cgroups) and namespaces to construct a confined environment. Representative
OS-level virtualization technologies of this kind are Solaris Zones, OpenVZ
and LXC.
In 2004, Solaris 10 introduced zones as a facility for providing protected
virtualized environments within a single host. Every Solaris system has a
global zone, used for system-wide administrative control, and may have one or
more non-global zones. If there are no non-global zones, all processes run in
the global zone. The global zone is aware of all devices and all file systems,
whereas non-global zones are not aware of the existence of any other zones.
Zone-based containers provide isolation, security and virtualization. Zones
are similar to BSD jails, with additional features such as snapshots and
cloning that make it possible to efficiently duplicate an existing zone into a
new one.
In 2005, OpenVZ containers were introduced on a modified Linux kernel carrying
a set of extensions. OpenVZ is based on the namespace and control group
concepts, in contrast to the jails used in FreeBSD.
Later, in 2008, LXC emerged as a container management tool that combines
namespaces and control groups to create an isolated environment. It provides
libraries and command-line support that let administrators create new
containers.
LXC containers can run in either privileged mode (the container's root is the
host's root user) or unprivileged mode (the container's root is mapped, through
a user namespace, to an unprivileged UID on the host), and in either case the
set of kernel capabilities and the cgroup limits can be customized to satisfy
particular requirements. The distinction matters for security: in a privileged
container, a kernel or configuration flaw that lets a process escape yields
root on the host, whereas in an unprivileged container the same escape lands
as a non-root user. Because all containers share the host kernel, the kernel
remains in the trusted computing base of every container on the host, which is
not the case for a hypervisor-based VM.
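The practical question behind the privileged/unprivileged distinction is what a process inside the container can actually do to the host kernel, and the kernel answers it directly in /proc/<pid>/status. The following is an added example, not code from the chapter or from LXC, that decodes the capability masks found there and flags the capabilities that reach the host. It runs offline on constructed /proc text (the first CapEff value is the default set Docker grants, the second is a fully privileged container); on a live system the same functions take open("/proc/self/status").read() and open("/proc/self/cgroup").read(). The list of "host-reaching" capabilities and the cgroup markers are illustrative choices, not a standard.

```python
"""Decode a container process's Linux capability sets from /proc/<pid>/status.

Added example; not code from the chapter or from LXC. Capability bit numbers
follow the kernel's include/uapi/linux/capability.h (CAP_CHOWN = 0 up to
CAP_CHECKPOINT_RESTORE = 40). All sample /proc text below is constructed.
"""
from __future__ import annotations

CAP_NAMES = [
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
    "block_suspend", "audit_read", "perfmon", "bpf", "checkpoint_restore",
]

# Capabilities that commonly let a container process reach the host kernel or
# host resources (mount, load modules, raw device I/O, ptrace, BPF, ...).
# An illustrative set (assumption); a real policy follows the workload's needs.
HOST_REACHING = {"sys_admin", "sys_module", "sys_rawio", "sys_ptrace",
                 "dac_read_search", "net_admin", "sys_boot", "bpf", "perfmon"}


def decode_caps(hex_mask: str) -> set[str]:
    """Turn the 64-bit hex mask the kernel prints into capability names."""
    mask = int(hex_mask, 16)
    return {name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1}


def parse_status(status_text: str) -> dict[str, str]:
    """Split the 'Key:<tab>value' lines of /proc/<pid>/status into a dict."""
    fields: dict[str, str] = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def audit_container(status_text: str, cgroup_text: str) -> dict:
    """Summarize how much of the host a process in this environment can reach."""
    fields = parse_status(status_text)
    effective = decode_caps(fields.get("CapEff", "0"))
    bounding = decode_caps(fields.get("CapBnd", "0"))
    # Container runtimes leave their name in the process's cgroup path
    # (marker list is an assumption covering common runtimes).
    markers = ("docker", "lxc", "containerd", "kubepods", "libpod")
    return {
        "in_container": any(m in cgroup_text for m in markers),
        "effective": effective,
        "host_reaching": effective & HOST_REACHING,
        # A full bounding set means dropped capabilities could be regained
        # by a setuid or file-capability binary inside the container.
        "bounding_is_full": len(bounding) == len(CAP_NAMES),
        "no_new_privs": fields.get("NoNewPrivs") == "1",
    }


# Constructed samples: Docker's default capability set (14 capabilities) and
# every capability the kernel knows, as in a "--privileged" container.
DEFAULT_STATUS = (
    "Name:\tsh\nUid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\nCapPrm:\t00000000a80425fb\n"
    "CapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"
    "CapAmb:\t0000000000000000\nNoNewPrivs:\t0\n"
)
PRIVILEGED_STATUS = DEFAULT_STATUS.replace("00000000a80425fb", "000001ffffffffff")
CGROUP_V2 = "0::/system.slice/docker-3f1c2b9a7d.scope\n"  # constructed

if __name__ == "__main__":
    for label, text in (("default", DEFAULT_STATUS), ("privileged", PRIVILEGED_STATUS)):
        report = audit_container(text, CGROUP_V2)
        print(label, sorted(report["host_reaching"]), report["bounding_is_full"])
```

The default Docker set decodes to 14 capabilities and none of them is in the host-reaching set; the privileged mask decodes to all 41 and includes sys_admin and sys_module, which is exactly the difference the prose above describes. Note that an unprivileged (user-namespaced) container can also show a "full" CapEff, because those capabilities are only valid inside its user namespace; reading the Uid line against /proc/<pid>/uid_map tells the two cases apart.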
2.3 CLOUD SECURITY AND PRIVACY CHALLENGES
Cloud computing has raised several security threats, such as data breaches,
data loss, denial of service and malicious insiders, which have been
extensively studied in the literature. These threats mainly originate from
multi-tenancy, loss of control over data, and trust.
At the same time, the majority of cloud providers, including Amazon's Simple
Storage Service, Google Compute Engine and the Citrix Cloud Platform, do not
guarantee specific levels of security and privacy in their service level
agreements (SLAs), the contractual terms and conditions between providers and
consumers; SLAs typically commit to availability rather than to security.
Consequently, all parties involved in cloud computing must take the security
and privacy concerns below into consideration themselves rather than assume
the contract covers them.
2.3.1 Security Issues in Cloud Computing
• Multi-tenancy: multi-tenancy refers to sharing physical devices and
virtualized resources among multiple independent users. Under this
arrangement an attacker can be co-resident on the same physical machine as
the target. Cloud providers use multi-tenancy to build infrastructures that
scale efficiently to customers' needs; however, shared hardware gives a
co-resident attacker avenues that do not exist on a dedicated host, notably
side channels through shared caches and other microarchitectural state, and
any isolation flaw in the hypervisor. The provider's isolation mechanisms are
therefore the only barrier between tenants' data.
• Loss of Control: loss of control is another source of risk, arising where
consumers' data, applications and resources are hosted on premises owned by
the cloud provider. Because users have no explicit control over their data,
the provider is technically able to mine it, which can lead to security and
privacy issues. In addition, when providers replicate data across data centers
for backup, consumers cannot be sure that every copy is erased when they delete
the data, so the un-erased copies are open to misuse. In such situations the
consumer sees the provider as a black box whose resources cannot be monitored
directly. Encrypting data on the client side before upload, and destroying the
key on deletion, is the usual technical answer to both concerns.
• Trust Chain in Clouds: trust plays an important role in attracting
consumers by giving them assurance about the cloud provider. Because of the
loss of control discussed above, cloud users rely on trust mechanisms as a
substitute for transparent control over their data and cloud resources.
Providers therefore build confidence among their customers by assuring them
that the provider's operations are certified as compliant with organizational
safeguards and standards.
2.3.2 Privacy Considerations of Processing Sensitive Data
The security issues in cloud computing lead to a number of privacy concerns.
Privacy is a complex topic with different interpretations depending on
context, culture and community, and it has been recognized as a fundamental
human right by the United Nations. It is worth noting that privacy and
security are distinct topics, although security is generally necessary for
providing privacy.
Several efforts have been made by jurists, philosophers, researchers,
psychologists and sociologists to conceptualize privacy and give us a better
understanding of it; for example, Alan Westin's research in the 1960s is
considered the first significant work on the problem of consumer data privacy
and data protection. Westin defined privacy as follows: "Privacy is the claim
of individuals, groups, or institutions to determine for themselves when, how,
and to what extent information about them is communicated to others."
The International Association of Privacy Professionals (IAPP) glossary refers
to privacy as the appropriate use of information under the circumstances. What
constitutes appropriate handling of data varies with several factors, such as
individual preferences, the context of the situation, the law, how the data
was collected, how it will be used and what information will be disclosed.
2.4 SECURITY SOLUTIONS
This section reviews research on security solutions such as authentication,
authorization and identity management, which are necessary for the activities
of cloud providers to be sufficiently secure.
2.4.1 Authentication and Authorization
One study identifies a set of categories relevant to authentication and
authorization for the cloud, focusing on infrastructural organization
(including classifications of credentials), and adapts those categories to the
cloud context. The study also summarizes factors that need to be taken into
consideration when adopting or developing an authentication and authorization
solution, for example identifying the appropriate requirements, categories,
services, deployment models, lifecycle and entities.
Another authentication solution is MiLAMob, which provides SaaS
authentication middleware for mobile consumers of IaaS cloud applications.
MiLAMob is a middleware layer that handles real-time authentication events on
behalf of consumer devices with minimal HTTP traffic. The middleware currently
supports mobile consumption of data on IaaS clouds such as Amazon S3.
2.4.2 Identity and Access Management
The functionalities of identity management systems that matter for the success
of clouds, in terms of consumer satisfaction, have been discussed in the
literature. An authorization system for cloud federation built on Shibboleth,
an open-source implementation of the Security Assertion Markup Language (SAML)
for single sign-on across different cloud providers, demonstrates how
organizations can outsource authentication and authorization to third-party
clouds using an identity management system. Stihler et al. also propose an
integral federated identity management for cloud computing. A trust
relationship between a given user and the SaaS domains is required so that
SaaS users can access the applications and resources provided. In a PaaS
domain, an interceptor acts as a proxy that accepts the user's requests and
executes them. The interceptor interacts with the secure token service (STS)
and requests the security token using the WS-Trust specification.
IBHMCC is another solution, consisting of identity-based encryption (IBE) and
identity-based signature (IBS) schemes. On top of these, an identity-based
authentication for cloud computing has been proposed. The idea builds on an
identity-based hierarchical model for cloud computing with corresponding
encryption and signature schemes that need no certificates, which simplifies
key management.
Contrail is another approach that aims to enhance integration among
heterogeneous clouds both vertically and horizontally. Vertical integration
provides a unified platform for the different kinds of resources, while
horizontal integration abstracts the interaction models of different cloud
providers.
2.4.3 Confidentiality, Integrity, and Availability
Santos et al. extend the Terra design, which enables users to verify the
integrity of VMs in the cloud. The proposed solution, the trusted cloud
computing platform (TCCP), treats the whole IaaS as a single system rather
than the individual hosts of Terra. In this approach, all nodes run a trusted
virtual machine monitor that isolates and protects the virtual machines.
Users access cloud services through the cloud manager component. The external
trusted entity (ETE) is another component; it provides a trust coordinator
service that keeps track of the trusted nodes in a cluster, and it can be used
to attest the nodes on which VMs run.
TCCP guarantees confidentiality and integrity of data and computation, and it
enables users to attest the cloud provider's nodes, and so check whether the
services are secure, before launching their VMs. These features rest on the
trusted platform module (TPM) chip. The TPM contains a private endorsement key
that uniquely identifies the TPM, together with cryptographic functions that
cannot be altered.
In 2011, Popa et al. proposed CloudProof, a secure storage system that
guarantees confidentiality, integrity and write-serializability, with proofs
of violation that can be verified by external third parties. Confidentiality
is ensured by private keys known only to the owner of the data being
encrypted. The main idea behind CloudProof is the use of attestations: signed
statements exchanged on every read and write, with which users, data owners
and the cloud provider can each prove that they behaved correctly. Clients
read and write blocks by block identifier, storing a block by sending its
identifier and contents to the cloud. Each attestation carries a block hash, a
hash of the block contents that is checked through signature verification for
integrity, and a chain hash that links it to the preceding attestation for the
same block. The chain hash is what gives write-serializability: a sequence of
attestations that is forked, or that does not chain together correctly, is
evidence that the provider has reordered, dropped or rolled back writes.
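The block hash and chain hash described above are easiest to understand by watching a client catch a provider that rolls a block back. The following is an added example in the spirit of CloudProof, not the paper's own code: the provider issues an attestation for every put and get, the client keeps the last chain hash it saw per block and refuses any attestation that neither repeats it nor extends it. The provider's signature is stood in for by an HMAC under a key shared with the client (the paper uses public-key signatures so that third parties can verify the proofs); the block identifiers and contents are constructed.

```python
"""Attestations with a block hash and a chain hash, in the spirit of CloudProof.

Added example; not CloudProof's own code. HMAC stands in for the provider's
signature (assumption: a key shared with the client). Stdlib only.
"""
from __future__ import annotations

import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain hash "before" the first write of a block


def _h(*parts: str) -> str:
    return hashlib.sha256("|".join(parts).encode()).hexdigest()


def _mac(key: bytes, body: dict) -> str:
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


class Provider:
    """Storage server that keeps a per-block log and attests every version."""

    def __init__(self, sign_key: bytes):
        self.sign_key = sign_key
        self.log: dict[str, list[tuple[bytes, dict]]] = {}  # id -> [(data, attestation)]

    def put(self, block_id: str, data: bytes) -> dict:
        prior = self.log.get(block_id, [])
        version = prior[-1][1]["version"] + 1 if prior else 1
        prev = prior[-1][1]["chain_hash"] if prior else GENESIS
        block_hash = hashlib.sha256(data).hexdigest()
        att = {"block_id": block_id, "version": version, "block_hash": block_hash,
               "prev_chain": prev,
               "chain_hash": _h(prev, block_id, str(version), block_hash)}
        att["sig"] = _mac(self.sign_key, att)
        self.log.setdefault(block_id, []).append((data, att))
        return att

    def get(self, block_id: str) -> tuple[bytes, dict]:
        return self.log[block_id][-1]

    def roll_back(self, block_id: str) -> None:
        """Misbehaviour: drop the newest write and serve the previous one (a fork)."""
        self.log[block_id].pop()


class Client:
    """Remembers the latest chain hash per block; accepts only repeats or extensions."""

    def __init__(self, verify_key: bytes):
        self.verify_key = verify_key
        self.last_chain: dict[str, str] = {}

    def check(self, att: dict, data: bytes | None = None) -> None:
        body = {k: v for k, v in att.items() if k != "sig"}
        if not hmac.compare_digest(_mac(self.verify_key, body), att["sig"]):
            raise ValueError("signature: attestation not issued by the provider")
        if data is not None and hashlib.sha256(data).hexdigest() != att["block_hash"]:
            raise ValueError("integrity: block contents do not match block hash")
        if att["chain_hash"] != _h(att["prev_chain"], att["block_id"],
                                   str(att["version"]), att["block_hash"]):
            raise ValueError("chain: chain hash not computed over this attestation")
        last = self.last_chain.get(att["block_id"], GENESIS)
        # A re-read of the latest version repeats `last`; a new write extends it.
        if att["chain_hash"] != last and att["prev_chain"] != last:
            raise ValueError("fork: attestation does not extend the last one seen")
        self.last_chain[att["block_id"]] = att["chain_hash"]


def check_result(client: Client, att: dict, data: bytes | None = None) -> str:
    """Run Client.check and return 'ok' or the violation class (text before ':')."""
    try:
        client.check(att, data)
        return "ok"
    except ValueError as exc:
        return str(exc).split(":")[0]


def detects_rollback(key: bytes = b"shared-demo-key") -> str:
    """Two honest writes, one honest read, then a rollback by the provider."""
    provider, client = Provider(key), Client(key)
    client.check(provider.put("rec-7", b"bp=120/80"))   # constructed block contents
    client.check(provider.put("rec-7", b"bp=135/85"))
    client.check(*reversed(provider.get("rec-7")))       # honest read of version 2
    provider.roll_back("rec-7")                          # provider now serves version 1
    data, att = provider.get("rec-7")
    return check_result(client, att, data)


if __name__ == "__main__":
    print(detects_rollback())   # fork
```

The rolled-back attestation is perfectly well signed and its block hash matches the stale contents, so signature and integrity checks pass; only the chain hash, compared against what this client last saw, reveals that the provider is no longer serializing writes. A client that has never seen the block (an empty last_chain) cannot detect the rollback on its own, which is why CloudProof has clients exchange attestations with the owner or an auditor.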
Fuzzy authorization (FA) for cloud storage is another flexible and scalable
approach to enable data to be shared securely among cloud participants. FA
ensures confidentiality, integrity and secure access control by utilizing secret
sharing schemes for users with smartphones who are using the cloud services.
2.4.4 Security Monitoring and Incident Response
Anand presents a centralized monitoring solution for cloud applications
consisting of a monitoring server, monitors, agents, configuration files and
notification components. Redundancy, automatic healing and multi-level
notifications are further benefits of the solution, designed to avoid the
typical drawbacks of centralized monitoring such as limited scalability, low
performance and a single point of failure.
Brinkmann et al. present a scalable distributed monitoring system for clouds
that uses a distributed management tree covering all the protocol-specific
parameters for data collection. Data acquisition is done through specific
handler implementations for each infrastructure-level data supplier; data
suppliers provide interoperability with cloud software, virtualization
libraries and OS-level monitoring tools.
Other work reviews the limitations of existing intrusion detection systems and
discusses VM-level intrusion detection as an emerging area for securing VMs in
cloud environments. The requirements for an efficient intrusion detection
system for cloud infrastructures, including multi-tenancy, scalability and
availability, are identified, and a detection mechanism based on VM
introspection from the hypervisor is proposed.
2.4.5 Security Policy Management
One proposal is a generic security management framework that allows providers
of cloud data management systems to define and enforce complex security
policies through a policy management module. User activities on each storage
system are recorded, monitored and made available to the policy management
module; a trust management module evaluates users' actions against their past
activities and classifies them as "fair" or "malicious". An architecture for
security management that satisfies the requirements on policy definitions
(flexibility, expressiveness, extendibility and correctness) has been
implemented, and the authors evaluated the system on a data management system
built on top of a storage back end.
Takabi et al. introduce policy management as a service (PMaaS) to give users a
unified control point for managing the access policies that govern their
cloud resources, independently of the physical location of the cloud
providers. PMaaS is designed specifically to address the problem that cloud
service providers each employ their own access control and authorization
mechanisms, which restricts the flexibility of applying custom access control
to a particular service. For this purpose, the PMaaS architecture includes a
policy management service provider that is the entry point where cloud users
define and manage their policies. The cloud service provider imports the
user-defined policies and acts as a policy decision point to enforce them.
2.5 PRIVACY-PRESERVATION FOR SENSITIVE DATA IN CLOUD
COMPUTING
Over time, organizations have collected valuable information about the
individuals in our societies, much of it sensitive, e.g. medical data.
Researchers need to access and analyze such data using big data technologies
in cloud computing, while organizations are required to enforce data
protection compliance.
There has been considerable progress on privacy preservation for sensitive
data in both industry and academia, e.g. protocols and tools for anonymization
or encryption of data for confidentiality purposes.
Pearson discusses a range of security and privacy challenges raised by cloud
computing. Lack of user control, lack of training and expertise, unauthorized
secondary usage, complexity of regulatory compliance, transborder data flow
restrictions and litigation are among the challenges faced in cloud computing
environments. The privacy challenges specific to genomic data in the cloud
include cloud providers' terms of service that were not developed with a
healthcare mindset, patients' data being uploaded to the cloud without their
awareness or consent, multi-tenancy, data monitoring, data security and
accountability.
Homomorphic encryption is another privacy-preserving solution, based on the
idea of computing over encrypted data without access to the decryption keys of
the parties that own the data. To ensure confidentiality, the data provider
(DP) encrypts data under a public key and stores it in the cloud. When the
processing engine operates on the data, it does not need the DP's private
key, because the computation is carried out on ciphertexts and only the DP can
decrypt the result. In private computation on encrypted genomic data.
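The property that lets the processing engine work without the DP's private key is easiest to see with an additively homomorphic scheme. The following is an added example, not code from the chapter or from any genomic-computation system: a textbook Paillier implementation using only Python integers, with a data owner encrypting a few readings, an untrusted engine summing the ciphertexts, and the owner decrypting the total. The readings are constructed, the key sizes are demonstration sizes (a deployment would use n of at least 2048 bits and a reviewed library), and the "engine" is just a function that never sees the private key.

```python
"""Additively homomorphic encryption (Paillier) over constructed health readings.

Added example; not code from the chapter. Demonstration key sizes only.
"""
import math
import random


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # top and low bit set
        if is_probable_prime(candidate):
            return candidate


def keygen(bits: int = 256):
    """Return ((n, n^2), (lam, mu)). With g = n + 1, mu = lam^-1 mod n."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        n = p * q
        if p != q and math.gcd(n, (p - 1) * (q - 1)) == 1:
            break
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p - 1, q - 1)
    return (n, n * n), (lam, pow(lam, -1, n))


def encrypt(pub, m: int) -> int:
    """c = (1 + n)^m * r^n mod n^2 with a fresh random r, so equal plaintexts differ."""
    n, n_sq = pub
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = random.randrange(1, n)
        if math.gcd(r, n) == 1:
            break
    return (pow(n + 1, m, n_sq) * pow(r, n, n_sq)) % n_sq


def decrypt(pub, priv, c: int) -> int:
    """m = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, n_sq = pub
    lam, mu = priv
    u = pow(c, lam, n_sq)
    return ((u - 1) // n * mu) % n


def add(pub, c1: int, c2: int) -> int:
    """Enc(a) * Enc(b) mod n^2 decrypts to a + b."""
    return (c1 * c2) % pub[1]


def scale(pub, c: int, k: int) -> int:
    """Enc(a)^k mod n^2 decrypts to k * a."""
    return pow(c, k, pub[1])


def encrypted_sum(pub, ciphertexts) -> int:
    """What the untrusted processing engine does: it holds only the public key."""
    total = encrypt(pub, 0)
    for c in ciphertexts:
        total = add(pub, total, c)
    return total


if __name__ == "__main__":
    pub, priv = keygen(256)
    readings = [95, 110, 140, 121]                  # constructed glucose values
    stored = [encrypt(pub, v) for v in readings]    # what the cloud holds
    total = decrypt(pub, priv, encrypted_sum(pub, stored))
    print("sum", total, "mean", total / len(readings))   # 466 and 116.5
```

Paillier supports addition of ciphertexts and multiplication by a known constant, which already covers sums, counts and means over a cohort; products of two encrypted values need a fully homomorphic scheme and are far more expensive. The engine learns nothing about the individual readings, but note that it also cannot check that the ciphertexts it was given are well formed, so input validation has to happen on the DP side before upload.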
Anonymization is another approach to ensuring the privacy of sensitive data.
SAIL provides individual-level information on the availability of data types
within a collection. Researchers cannot cross-link data from different outside
studies (an operation similar to an equality join in SQL), because the
identities of the samples are anonymized. An integration architecture has also
been proposed to make it possible to perform aggregated queries over
anonymized medical data sets from different data providers. In this solution,
data providers remove the data subjects' identifiers and apply a two-level
scheme in which identifiers are hashed and the data is encrypted using PKI
certificates. The sensitive information is then anonymized using an
open-source toolkit and encrypted at a granular level under the cloud
provider's public key. Whether hashed identifiers are actually unlinkable
depends on how the hashing is done: an unkeyed hash of a low-entropy
identifier (a patient number, a national ID) can be reversed by hashing every
candidate value, so a keyed hash (HMAC) under a key held by the data provider
is required.
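The two steps above, replacing identifiers and making the remaining attributes unlinkable, are shown concretely in the following added example, which is not code from the chapter, from SAIL or from the integration architecture described. It pseudonymizes patient numbers with an HMAC, generalizes the quasi-identifiers (age, ZIP) and measures the k-anonymity of the released table; it also shows why the key matters by reversing an unkeyed hash of the same identifier space. The patient rows are constructed, the key is a placeholder that a real data provider would keep in a key vault, and the generalization rules (decade, three-digit ZIP prefix) are illustrative.

```python
"""Keyed pseudonymization and a k-anonymity check on a constructed patient table.

Added example; not code from the chapter or from SAIL. Stdlib only.
"""
from __future__ import annotations

import hashlib
import hmac
from collections import Counter

RECORDS = [  # constructed sample rows as a data provider might hold them
    {"patient_id": "P-1001", "age": 34, "zip": "90210", "diagnosis": "asthma"},
    {"patient_id": "P-1002", "age": 37, "zip": "90211", "diagnosis": "diabetes"},
    {"patient_id": "P-1003", "age": 52, "zip": "10001", "diagnosis": "asthma"},
    {"patient_id": "P-1004", "age": 58, "zip": "10002", "diagnosis": "hypertension"},
]
QUASI_IDENTIFIERS = ("age", "zip")      # attributes an adversary may already know
PROVIDER_KEY = b"placeholder-replace-with-random-256-bit-key"  # assumption


def pseudonymize(identifier: str, key: bytes) -> str:
    """Keyed hash: stable within one provider, unguessable without the key."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()[:16]


def unkeyed_hash(identifier: str) -> str:
    """The tempting shortcut: a plain SHA-256 of the identifier."""
    return hashlib.sha256(identifier.encode()).hexdigest()


def generalize(record: dict) -> dict:
    """Coarsen quasi-identifiers: age to a decade band, ZIP to its first three digits."""
    decade = record["age"] // 10 * 10
    return {**record, "age": f"{decade}-{decade + 9}", "zip": record["zip"][:3] + "**"}


def anonymize(records, key: bytes) -> list[dict]:
    """Drop the direct identifier, attach a pseudonym, generalize the rest."""
    released = []
    for rec in records:
        rec = generalize(rec)
        rec["pseudonym"] = pseudonymize(rec.pop("patient_id"), key)
        released.append(rec)
    return released


def k_anonymity(records, quasi_identifiers=QUASI_IDENTIFIERS) -> int:
    """Size of the smallest equivalence class; k = 1 means someone is unique."""
    classes = Counter(tuple(r[q] for q in quasi_identifiers) for r in records)
    return min(classes.values())


def recover_from_unkeyed_hash(digest: str) -> str | None:
    """Dictionary attack over the (small) identifier space P-1000 .. P-9999."""
    for i in range(1000, 10000):
        candidate = f"P-{i}"
        if unkeyed_hash(candidate) == digest:
            return candidate
    return None


if __name__ == "__main__":
    print("raw k =", k_anonymity(RECORDS))                     # 1
    released = anonymize(RECORDS, PROVIDER_KEY)
    print("released k =", k_anonymity(released))               # 2
    print("unkeyed hash reverses to", recover_from_unkeyed_hash(unkeyed_hash("P-1003")))
    print("keyed pseudonym reverses to", recover_from_unkeyed_hash(pseudonymize("P-1003", PROVIDER_KEY)))
```

The raw table is 1-anonymous (every row is unique on age and ZIP); after generalization the same rows form two classes of size two. The keyed pseudonym still lets the provider join a patient's records across uploads, which is the linking SAIL's design permits within a collection, while a researcher holding only the released table cannot recover the patient number. Keep in mind that k-anonymity says nothing about the sensitive column itself: both rows in the 50-59/100** class here carry different diagnoses, but a class where they all agree would still leak the diagnosis.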
ScaBIA is another solution for processing and storing anonymized brain imaging
data in the cloud. It provides PKI authentication for administrator roles to
deploy a PaaS middleware, and defines researchers as users in the Microsoft
Azure cloud. Researchers log in by username and password to run statistical
parametric mapping workflows inside isolated generic worker containers. Brain
imaging datasets and related results can be shared among researchers under an
RBAC model over HTTPS connections.
