University - Visvesvaraya Technological University
College - Global Academy of Technology
IEEE paper - 2015
by - G AISHWARYA, ALOK KUMAR, GAURAV KUMAR MISHRA, KEDAR RAVINDRA KULKARNI
under the guidance of - Dr. LATHA C A
Decentralized cloud firewall framework with resources provisioning cost optimization
1. Global Academy Of Technology
Department of CSE
10CS85 - A Decentralized Cloud Firewall
Framework with Resources Provisioning
Cost Optimization
GUIDE – Dr. LATHA C A ALOK KUMAR(1GA12CS007)
Professor G. AISHWARYA(1GA12CS024)
GAURAV KUMAR MISHRA(1GA12CS025)
KULKARNI KEDAR RAVINDRA(1GA12CS042)
2. Index
• Objective
• Introduction
• Proposed System
• Architecture
• System requirement
• System Design
• Implementation
• Testing
• Conclusion
• Bibliography
2
3. Objective
• To optimize resources provisioning cost, while satisfying QoS
requirement at the same time.
• To establish a firewall to protect the cloud resources from the
attacks.
4. Introduction
• Cloud computing is a new flexible approach for providing higher
computational power in shared medium.
• It provides the distributed model based on self-evaluating techniques to
improve the processing capabilities of the system with lesser managerial
concerns.
• It is made up of client, application, platform, servers and infrastructures.
• we propose a decentralized cloud firewall framework.
• Firewalls are the first line when defending against malicious traffic.
• The cloud firewall is offered by Cloud Service Providers (CSP) and placed
at access points between cloud data center and the Internet.
5. Proposed System
• In proposed system, the system propose a decentralized cloud
firewall framework for individual cloud customers.
• We introduce novel queuing theory based model M/Geo/1 or
M/Geo/m for performance analysis of the proposed cloud
firewall.
• The system establish a mathematical model according to cloud
firewall rule matching discipline and derive that system
service times follow geometric distribution.
6. ADVANTAGES
• Resources are dynamically allocated to optimize the
provisioning cost, and guarantee QoS requirement specified by
customers at the same time.
• The simulation results claim that geometric distribution is
more suitable for firewall system modeling.
• It give a deep insight into tradeoff among optimal resources
provisioning cost.
• The system formulate the resources provisioning cost.
13. Implementation
Cloud Gateway
• In general computer usage, login is the procedure used to get access to an
operating system or application,
• The user ID can be freely known and is visible when entered at a keyboard
or other input device.
• The password must be kept secret (and is not displayed as it is entered).
• The Users and admin has login using this panel If the client is a user, they
go users further more Action, if the person is admin.
• They go the Admin login panel for proceed their Action
15. Implementation
Registration and Login User
• If new User need the Cloud Service.
• That users should register in site to use our service , registered users can
then enter the site by logging on.
• Who’s doesn’t have register in cloud they doesn’t use the cloud
services. And their request has denied from the cloud Server.
17. Implementation
Admin Cloud Control System
• System Admin Monitor the user s Action register user action if
untrusted means, their permission’s are denied, that user id has removed
from server.
• Control the user Action.
• If user request the firewall. System admin has provide firewall for
secure cloud service.
• So they monitor Firewall cloud user and all users.
19. Implementation
Activate Firewall Authentication
• If the User need Cloud Storage , they should have Firewall.
• Because maximum of the user request has DDOS or Edos attack or Botnet
signature in their file.
• This virus signature File affect the cloud service in server level. And total it
collapse the and attack is launch in server level.
• To Avoid these Attacks and prevent the cloud by way the Activate firewall.
• So here the user id and password we Request the firewall to the System admin.
Admin has Activate the Firewall for request User’s and proceed the cloud Storage.
21. Implementation
File Transfer in Real Cloud
• The User enter The Cloud storage Service using Their Cloud Id and
Password.
• But The User Store their Detail in real Cloud They must have Activate
Firewall.
• After Verify The Firewall Id And Then we upload The Our files and Data
in Real Cloud.
• The Users Doesn’t have Firewall Activation their Cloud service Has
Denied.
• Because The file Maybe attached in Virus signature.
23. Testing
• Test Case ID: 2
• Description: Manual Testing on User Registration
• Modules: Registration and Login User
• Prepared By: Gaurav Kumar Mishra
• Date Prepared: 26/04/2016
• Reviewed / Updated: G. Aishwarya
• Date Reviewed: 27/04/2016
• Tested By: Kedar Ravindra Kulkarni
• Date Tested: 27/04/2016
• Step Description: If new User, Registration should be done
• Expected Results: User should enter all his/her details and
successfully register. Once registration is done, one new row should be
created in user table.
• Actual Result: Pass
26. Testing
• Test Case ID:10
• Description: Manual Testing on User Login Module
• Modules: Registration and Login User
• Prepared By: Gaurav Kumar Mishra
• Date Prepared: 26/04/2016
• Reviewed / Updated: Kedar Ravindra Kulkarni, Alok Kumar
• Date Reviewed: 27/04/2016
• Tested By: Alok Kumar
• Date Tested: 27/04/2016
• Step Description: Admin view the user details
• Expected Results: Admin should be able to view the user details and
firewall details.
• Actual Result: Pass
28. Conclusion
• We propose a Cloud Trust framework, where several firewall
running in parallel to guarantee QoS requirement.
• As resources are dynamically allocated in Cloud Trust, we
investigate how to optimize the resources provisioning cost.
• We establish novel queuing theory based model for
performance analysis of the proposed Cloud Trust, where
firewall service times are modeled to follow geometric
distribution.
• Extensive simulations confirm that M/Geo/1 reflects the
Cloud Trust real system better than traditional Model.
29. Bibliography
• Z. Xiao and Y. Xiao, “Security and privacy in cloud computing,”IEEE Commun.
Surveys Tuts., vol. 15, no. 2, pp. 843–859, May 2013.
• C. Hoff. (2008). Cloud computing security: From ddos attack (dis-tributed denial
of servie) to edos (economic denial of sustainabil-ity) [Online]. Available:
http://www.rationalsurvivability.com/blog/?p=66.
• T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, “Hey, you, get off of my
cloud: Exploring information leakage in third-party compute clouds,” in Proc. 16th
ACM Conf. Comput. Commun. Secu-rity , 2009, pp. 199–212.
• K. Salah, K. Elbadawi, and R. Boutaba, “Performance modeling and analysis of
network firewalls,” IEEE Trans. Netw. Serv. Man-age. , vol. 9, no. 1, pp. 12–21,
Mar. 2012
30. Bibliography
• Z. Xiao and Y. Xiao, “Security and privacy in cloud computing,”IEEE Commun.
Surveys Tuts., vol. 15, no. 2, pp. 843–859, May 2013.
• C. Hoff. (2008). Cloud computing security: From ddos attack (dis-tributed denial
of servie) to edos (economic denial of sustainabil-ity) [Online]. Available:
http://www.rationalsurvivability.com/blog/?p=66.
• T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, “Hey, you, get off of my
cloud: Exploring information leakage in third-party compute clouds,” in Proc. 16th
ACM Conf. Comput. Commun. Secu-rity , 2009, pp. 199–212.
• K. Salah, K. Elbadawi, and R. Boutaba, “Performance modeling and analysis of
network firewalls,” IEEE Trans. Netw. Serv. Man-age. , vol. 9, no. 1, pp. 12–21,
Mar. 2012