Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-security-in-cloud


Published in: Technology, Business

ISSN: XXXX-XXXX Volume X, Issue X, Month Year

Problems and Solutions: Infrastructure as Service Security in Cloud

Ashok Kumar H
Dept of Computer Science and Engineering
BTL Institute of Technology
Bangalore, India
ashokhoskera@gmail.com

Abstract: Cloud computing, as a trend in computing models, raises many security issues at all levels: network, application, data and host. The delivery models pose different security challenges depending on the model and on consumers' quality of service (QoS) requirements. Privacy, authentication and secrecy are the main concerns for both consumers and cloud providers. IaaS serves as the base for the other models; if security in this model is uncertain, it will affect the other models too. This paper examines the exposures and countermeasures. As a result of the research we propose a security assessment and improvement for the IaaS layer.

1. Introduction

The essential models of cloud computing are Software, Platform and Infrastructure as a Service. Customers access these models as services over the Internet on a pay-as-you-need basis, paying only for the resources they use at the time, unlike other services such as web hosting. The price varies with the QoS requirements. Based on their relationship with the organization, the models are also sorted into Public, Hybrid and Private. A private cloud refers to the internal datacenters of an organization, which are not available to the general public. Some of the emerging and renowned cloud computing platforms are AMAZON, WINDOWS AZURE etc.

Cloud computing and SOA (Software Oriented Architecture) are sometimes mixed up; they are considered complementary services that share common characteristics. SOA is a set of rules, principles and methodologies designed to help communication and system integration irrespective of development languages and platforms. Cloud computing is intended to let companies use bulk capacity instantly without investing in new infrastructure, training, recruiting new staff or licensing software. Cloud computing depends on IaaS to provide cheap, pay-as-you-go power for data storage and other shared resources.

Fig. a) Cloud Delivery Models (figure labels: Component as Service (CaaS), Platform as Service (PaaS), Infrastructure as Service (IaaS), Servers, Virtualization, Cloud Computing)

We looked into security for each IaaS component: Utility Computing (UC), Service Level Agreement (SLA), Platform Virtualization, Networks and Internet Connectivity, and Computer Hardware.
International Journal of Innovatory research in Science and Management - IJIRSM

2. IAAS Components

IaaS consists of several components that have been developed over the years, but applying them in an outsourced and shared environment carries multiple challenges; breaching the security of any one component will collapse the entire system.

A. Service Level Agreement (SLA)

Cloud computing brings a set of IT management complexities, and using an SLA is the answer to assure an acceptable level of QoS. An SLA encompasses contract definition, negotiation, monitoring and enhancement. The contract definition and negotiation stage is very important for understanding the benefits and responsibilities of each party. Any mistake will affect security and leave the client exposed to vulnerabilities. Monitoring and enforcing the SLA is important to build trust with the client.

B. Utility Computing

This concept is not new; it plays a crucial role in the development of grid computing. It bundles resources (e.g. bandwidth, storage etc.) as a measured service. It reduces the cost of owning resources, since the client pays according to usage, and it has been developed to support scalable systems. Amazon allows a second-level method to measure the usage of AWS services and bill the user according to the prices.

C. Cloud Software

Many open-source cloud software implementations exist, for example Nimbus; this software binds the cloud components together. However, freedom from bugs in the software cannot be ensured, and it provides many software APIs to perform management functions.

D. Platform Virtualization

Virtualization is a basic technology used in cloud services. It consolidates many stand-alone systems on a single platform by virtualizing computing resources (e.g. CPU, memory, network and storage). Virtualization enables scalability and multi-tenancy.

E. Network and Internet Connectivity

To preserve availability and performance, cloud infrastructure spans multiple geographical sites to minimize response time and the damage from unpredicted disasters. Each site is connected locally as a LAN and is connected to the other sites by high-speed Internet connections. Together these sites compose the cloud infrastructure, which serves remote clients through the Internet. Thus, the cloud inherits the conventional vulnerabilities of both the Internet and computer networks.

Logical network segmentation: A restrictive and structured network configuration needs to be applied in IaaS environments alongside the isolation provided by the hypervisor. A VLAN provides isolated segments to prevent external VMs from monitoring internal traffic; for instance, it bridges unicast and broadcast traffic on a VLAN segment only to VMs that have a virtual interface in that segment. The administrator needs to choose the best connection model between VLANs, i.e., NAT, routing or simple bridging. Thus, virtual networks avoid wasting bandwidth and offer more security and performance.

Implementing firewalls: Firewalls enforce the organization's security policy by applying rules that check traffic based on source IP address and service port.

Traffic encryption: To access the outsourced infrastructure on clouds, clients need secure channels to ensure the integrity and privacy of transferred data. VPNs provide an encrypted tunnel between client and provider using Layer2

Network monitoring: In the IaaS model, providers are responsible for monitoring the network to sustain an acceptable QoS. The monitoring process includes fault detection, detection of malicious activity and troubleshooting. Network monitoring in the cloud is not as simple as in a traditional network, because the cloud is geographically distributed and depends significantly on resource sharing. Moreover, cloud infrastructure is a public environment in which many monitoring records refer to anonymous users.

International Journal of Innovatory research in Engineering and Technology - IJIRET

F. Computer Hardware

IaaS offers an interface to a pool of distributed physical resources (e.g., network components, storage devices and CPU) and delivers a shared business model to serve many users. Virtualization, as seen previously, can keep shared computer resources secure and can control communication at the network level and the hardware level. Although private organizations usually move hardware components to locked rooms that are accessible only to trusted and authorized persons in order to protect the resources, a survey showed that over 70% of attacks on organizations' confidential data occur internally.

Computing resources: An attacker can access the machine physically. Depending on the intention of the attacker, there are many scenarios. The first scenario is denying service by switching off the machine or by removing any of the hardware resources. This is not a common attack, but it can spoil the company's reputation. Hence, IaaS providers should carefully control access to the physical resources. The second scenario is to steal or corrupt the company's specific data for the attacker's own benefit or that of other companies.

Storage resources: IaaS providers play a very essential role in protecting clients' data. Whatever the level of data security, the data can end up on retired or replaced storage devices. Usually, companies do not have a restrictive policy for managing retired devices, which could accidentally be given to untrusted people. Every organization is supposed to assure the security of clients' data throughout its life cycle. Encryption would be a better solution, but it might prevent other users from accessing the data.

3. SECURITY MODEL FOR IAAS

As a result of this research, we propose a Security Model for IaaS (SMI) as a guide for providing and raising security for each layer in the IaaS delivery model, as shown in Fig. b. The SMI model consists of three sides: the IaaS component model, the security model and the restriction level. The front side of the cubic model is IaaS. The security model includes three vertical entities, where each entity covers all IaaS components. The first entity is the Secure Configuration Policy (SCP), which assures secure configuration for every layer in IaaS: software, hardware or SLA configurations; usually, misconfiguration incidents could compromise the entire security of the system. The second is the Secure Resources Management Policy (SRMP), which controls the privileges and management roles. The last entity is Security Policy Monitoring and Auditing (SPMA), which is important for tracking the system life cycle. The restriction policy side specifies the level of restriction for the security model entities. The level of restriction ranges from loose to tight, depending on the client, the provider and the service requirements.

Fig. b) Security Model for IaaS

4. CONCLUSION

IaaS is the basic foundation layer of the cloud computing delivery model and consists of multiple components and technologies. Each component in a cloud infrastructure service has its vulnerabilities, which may have an impact on the security of the whole cloud. In this paper, we tried to investigate the security challenges associated with IaaS implementation and deployment. Based on our research, we tried to propose a few solutions for the existing models of IaaS.
Table: IaaS components, threats/challenges and solutions

IaaS Component: Service Level Agreement (SLA)
Threats/Challenges: Enforcing SLA, monitoring of SLA, and monitoring QoS attributes.
Solutions: SLA monitoring and enforcement in SOA; Web Service Level Agreement (WSLA) framework.

IaaS Component: Utility Computing
Threats/Challenges: Billing with multiple levels of providers, measuring; on-demand billing system availability.
Solutions: Amazon Dev Pay.

IaaS Component: Cloud Software
Threats/Challenges: Attacks against web services; attacks against XML.
Solutions: SOAP Security Extensions; XML Signature and XML Encryption.

IaaS Component: Networks & Internet connectivity
Threats/Challenges: DDOS; Man-In-The-Middle attack (MITM); IP spoofing; DNS security and port scanning.
Solutions: Intrusion Detection System and Intrusion Prevention System (IPS); logical network segmentation and firewalls; traffic encryption; network monitoring.

IaaS Component: Virtualization
Threats/Challenges:
  Security threats sourced from host:
  • Monitoring VMs from host.
  • VMs modification.
  • Communications between VMs and host.
  Security threats sourced from VM:
  • Monitoring VMs from other VM.
  • Communication between VMs.
  • Virtual machines.
  • VMs provisioning and migration.
  • Mobility
  • Resources Denial of Service
Solutions:
  Security threats sourced from host:
  • Terra
  • Trusted Virtual Datacenter (TVDc)
  • Mandatory Access Control MAC
  • Trusted Cloud Computing Platform
  Security threats sourced from VM:
  • IPSec.
  • Encryption.
  • Xen Security through Disaggregation.
  • LoBot architecture for secure provisioning & migration VM
  • VPN.

IaaS Component: Computer Hardware
Threats/Challenges: Physical attacks against computer hardware; data security on retired or replaced storage devices.
Solutions: High secure locked rooms with monitoring appliances; multi-parties accessibility to encrypted storage; transparent cryptographic file systems; self-encrypting enterprise tape drive TS1120.
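The logical network segmentation and firewall measures from section 2.E, listed above as solutions for network threats, can be sketched as follows. This is an added example, not code from the paper: the VM names, VLAN numbers, addresses and rule set are constructed, and the shadowed-rule check goes slightly beyond the text to show the kind of misconfiguration a secure configuration policy would catch.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed inventory: the VLAN segment of each VM's virtual interface.
VM_VLAN = {"web-1": 10, "web-2": 10, "db-1": 20, "tenantB-1": 30}

@dataclass(frozen=True)
class Rule:
    src: str      # source network in CIDR notation
    port: int     # destination service port
    action: str   # "allow" or "deny"

# Constructed policy, evaluated top-down; the first matching rule wins.
RULES = [
    Rule("203.0.113.0/24", 22, "allow"),  # admin network may reach SSH
    Rule("0.0.0.0/0", 22, "deny"),        # everyone else is refused SSH
    Rule("0.0.0.0/0", 443, "allow"),      # HTTPS is public
]

def firewall_decision(src_ip, port, rules=RULES):
    """Check traffic by source IP and service port; default deny."""
    addr = ip_address(src_ip)
    for rule in rules:
        if port == rule.port and addr in ip_network(rule.src):
            return rule.action
    return "deny"

def vlan_receivers(sender, vm_vlan=VM_VLAN):
    """VMs that receive the sender's broadcast traffic: same segment only."""
    segment = vm_vlan[sender]
    return sorted(vm for vm, vlan in vm_vlan.items()
                  if vlan == segment and vm != sender)

def shadowed_rules(rules=RULES):
    """Indexes of rules that can never fire: an earlier rule on the same
    port already covers their whole source network."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.port == later.port and
                    ip_network(later.src).subnet_of(ip_network(earlier.src))):
                hidden.append(i)
                break
    return hidden

if __name__ == "__main__":
    print(firewall_decision("198.51.100.9", 22))  # outside the admin network
    print(vlan_receivers("web-1"))
    print(shadowed_rules())
```
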