By James H. Reinholm

June 8, 2015

This paper discusses key management methods for the IaaS cloud model, and security problems to be dealt with because of its virtualization structure.

References:

http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7956.pdf

http://arxiv.org/ftp/arxiv/papers/1303/1303.4814.pdf

http://www.fiercegovernmentit.com/story/nist-cryptographic-key-management-challenge-cloud/2013-09-30

Cloud computing defined

Cloud computing is basically a type of virtual system that allows for on-demand network access to a shared pool of configurable resources, such as other networks, servers, storage, applications, and services. Users then have the flexibility to develop, host, and run these resources on demand, anytime and anywhere. The providers of these resources are able to quickly provision, distribute, and release them with minimal effort or interaction.

Cloud service types

Cloud computing consists mostly of three different service types: IaaS (Infrastructure-as-a-Service), PaaS (Platform-as-a-Service), and SaaS (Software-as-a-Service), and four "cloud deployment modes" (Public, Private, Community, and Hybrid) that define the ways that cloud services are delivered. Each of the three cloud computing types (IaaS, PaaS, SaaS) has separate features and structures, so different functions are needed to construct and maintain the required security levels against the various types of security threats.

Features of the IaaS cloud model

This article discusses the unique security threats and security levels required for the IaaS cloud deployment model. This model provides the consumer with basic storage and computing capabilities as standardized services over the network. Servers, storage systems, networking equipment, data center space, etc. are centralized and made available on demand to handle workloads. The cloud provider provides the hardware and the necessary software tools (in the form of abstraction layers) needed to host various platforms for cloud consumers, such as operating systems, applications, databases, etc. This can create huge savings for the consumer, as hardware and operating costs for computer systems and networks are replaced by a virtual machine accessed through the cloud.

Lack of consumer control over security

However, there are several drawbacks to this, most of which involve the amount of control the consumer has over security measures. Whenever a customer decides to use IaaS from a cloud service provider, security measures for data, communications, etc., must depend on the security measures built in by the IaaS cloud provider. This lack of security control is what prevents many companies from transferring their computing activities to the cloud, or leads them to use it only for less sensitive data. However, the consumer does have greater control over security measures when using the IaaS cloud model, as compared to the PaaS and SaaS models. The consumer can control all aspects of security related to the particular virtual machine (VM) instance being used, including the database, runtimes, and applications. The provider still must implement all of the infrastructure-level security functions, over which the user has no control.

New challenges because of virtualization

Since virtualization is the foundation of most IaaS systems because of its flexibility and scale-up capabilities, new challenges are introduced when implementing a key management system for security control. It is possible to authenticate pre-defined virtual machine image templates through traditional encryption, digital signatures, cryptographic hash functions, or message authentication codes, but these traditional methods don't always work for virtualization, because of its inherent structure. It is therefore necessary to employ cloud-specific solutions to solve many of the unique security problems associated with IaaS cloud models.
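As an added illustration of the "hash function versus message authentication code" point above (this is example code written for this page, not code from the paper or the NIST report), the following Python checks a VM image template two ways: a bare SHA-256 digest, which only detects accidental corruption because anyone who can alter the stored image can also recompute its digest, and an HMAC-SHA256 tag, whose verification needs the secret key, which is exactly the object a cloud key management system has to protect. The image bytes and the key are constructed placeholders.

```python
import hashlib
import hmac

# Constructed stand-in for a VM image template's bytes (not a real disk image).
SAMPLE_IMAGE = b"VM-IMAGE-TEMPLATE:v1\n" + bytes(range(256)) * 4

# Placeholder key for the demo only; in a real deployment the key is issued and
# stored by the key management system, never embedded in the verifier.
DEMO_KEY = b"\x11" * 32


def image_digest(image_bytes: bytes) -> str:
    """SHA-256 hex digest of the image. Detects corruption, not tampering:
    nothing stops whoever can change the image from also changing the digest."""
    return hashlib.sha256(image_bytes).hexdigest()


def image_tag(image_bytes: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag over the image, keyed. Only a holder of `key` can
    produce a tag that verifies, so this gives authenticity, not just integrity."""
    return hmac.new(key, image_bytes, hashlib.sha256).hexdigest()


def verify_digest_only(image_bytes: bytes, stored_digest: str) -> bool:
    """Integrity-only check: compare the recomputed digest with the stored one."""
    return hmac.compare_digest(image_digest(image_bytes), stored_digest)


def verify_tag(image_bytes: bytes, key: bytes, stored_tag: str) -> bool:
    """Authenticity check: recompute the keyed tag and compare in constant time
    (compare_digest avoids leaking where the first mismatching byte is)."""
    return hmac.compare_digest(image_tag(image_bytes, key), stored_tag)


def tamper_scenario(image_bytes: bytes, key: bytes) -> dict:
    """Model the failure mode the text warns about. A template plus its
    published digest and tag are stored; the stored image is then altered and
    the digest is recomputed by the same party. The digest-only check still
    passes, while the keyed tag check fails because that party lacks the key."""
    published_digest = image_digest(image_bytes)
    published_tag = image_tag(image_bytes, key)

    altered = image_bytes.replace(b"v1", b"v2", 1)   # modified template
    altered_digest = image_digest(altered)            # recomputed without any key

    return {
        "original_digest_ok": verify_digest_only(image_bytes, published_digest),
        "original_tag_ok": verify_tag(image_bytes, key, published_tag),
        # the unkeyed digest cannot tell an altered-and-rehashed image from a good one
        "altered_digest_ok": verify_digest_only(altered, altered_digest),
        # the keyed tag was published over the original bytes and cannot be regenerated
        "altered_tag_ok": verify_tag(altered, key, published_tag),
    }


if __name__ == "__main__":
    for name, result in tamper_scenario(SAMPLE_IMAGE, DEMO_KEY).items():
        print(f"{name}: {result}")
```

The verifier that checks the tag must obtain the key through the key management system at boot or deployment time; if the key is stored beside the image in the same provider-controlled storage, the tag degrades to the same integrity-only guarantee as the digest, which is the key management challenge the text raises.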

Security capabilities for service-level administrators