This document summarizes a paper presented at the International Conference on Emerging Technology Trends (ICETT) in 2011. The paper proposes an architecture called Cloud Protection System (CPS) to provide increased security to cloud resources using virtualization. CPS monitors the integrity of guest virtual machines in a cloud system like Eucalyptus. It also proposes HypeSec, which controls inter-VM communication in the Qemu hypervisor according to security policies. The effectiveness of CPS implemented in Eucalyptus is shown by testing against the Sebek rootkit attack.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Using Virtualization Technique to Increase Security and Reduce Energy Consump...IJORCS
An approach has been presented in this paper in order to generate a secure environment on internet Based Virtual Computing platform and also to reduce energy consumption in green cloud computing. The proposed approach constantly checks the accuracy of stored data by means of a central control service inside the network environment and also checks system security through isolating single virtual machines using a common virtual environment. This approach has been simulated on two types of Virtual Machine Manager (VMM) Quick EMUlator (Qemu), HVM (Hardware Virtual Machine) Xen and outputs of the simulation in VMInsight show that when service is getting singly used, the overhead of its performance will be increased. As a secure system, the proposed approach is able to recognize malicious behaviors and assure service security by means of operational integrity measurement. Moreover, the rate of system efficiency has been evaluated according to the amount of energy consumption on five applications (Defragmentation, Compression, Linux Boot Decompression and Kernel Boot). Therefore, this has been resulted that to secure multi-tenant environment, managers and supervisors should independently install a security monitoring system for each Virtual Machines (VMs) which will come up to have the management heavy workload of. While the proposed approach, can respond to all VM’s with just one virtual machine as a supervisor.
In the cloud, data is not tied to one server or even one group of servers, and it can be accessed from multiple devices simultaneously. To protect data, therefore, security solutions must shift from defense of a fixed perimeter towards an approach that protects the data as it travels from physical to virtual to cloud environments.
In the post-PC era, Trend Micro envisions a smart, data-centric security framework that advances the capabilities of our cloud-based Smart Protection Network™, adds smarter threat protection that correlates local threat intelligence; smarter data protection that follows and protects your data; and unified security management that increases visibility into data access and potential attacks.
This presentation was given at the Information Security Executive Summit on 28th / 29th February 2012
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...IJNSA Journal
Multi-cloud is an advanced version of cloud computing that allows its users to utilize different cloud systems from several Cloud Service Providers (CSPs) remotely. Although it is a very efficient computing
facility, threat detection, data protection, and vendor lock-in are the major security drawbacks of this infrastructure. These factors act as a catalyst in promoting serious cyber-crimes of the virtual world. Privacy and safety issues of a multi-cloud environment have been overviewed in this research paper. The
objective of this research is to analyze some logical automation and monitoring provisions, such as monitoring Cyber-physical Systems (CPS), home automation, automation in Big Data Infrastructure (BDI), Disaster Recovery (DR), and secret protection. The Results of this research investigation indicate that it is possible to avoid security snags of a multi-cloud interface by adopting these scientific solutions methodically.
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...csandit
Cloud computing is revolutionizing many ecosystems by providing organizations with
computing resources featuring easy deployment, connectivity, configuration, automation and
scalability. This paradigm shift raises a broad range of security and privacy issues that must be
taken into consideration. Multi-tenancy, loss of control, and trust are key challenges in cloud
computing environments. This paper reviews the existing technologies and a wide array of both
earlier and state-of-the-art projects on cloud security and privacy. We categorize the existing
research according to the cloud reference architecture orchestration, resource control, physical
resource, and cloud service management layers, in addition to reviewing the existing
developments in privacy-preserving sensitive data approaches in cloud computing such as
privacy threat modeling and privacy enhancing protocols and solutions.
Today, in the world of communication, connected systems is growing at a rapid pace. To accommodate this growth the need for computational power and storage is also increasing at a similar rate. Companies are investing a large amount of resources in buying, maintaining and ensuring availability of the system to their customers. To mitigate these issues, cloud computing is playing a major role [1]. The underlying concept of cloud computing dates back to the ‘50s but the term entering into widespread usage can be traced to 2006 when Amazon.com announced the Elastic Compute Cloud. In this paper, we will discuss about cloud security approaches. We have used the term “CloudDrain” to define data leakage in case of security compromise.
A traditional computing environment requires a costly
infrastructure to offer a better service to users. The introduction
of cloud computing has changed the working environment from
traditional to virtual. A larger number of IT companies are
utilizing the cloud. On the one hand, the cloud attracts more
number of consumers by offering services with minimized
capital cost and virtual infrastructure. On the other hand, there
are a risk and security challenges in cloud computing that
makes the user not to move completely towards it. The cloud
environment is more vulnerable to security breaches and data
theft. Moreover, insider attacks are more frequent in larger
enterprises. An unauthenticated user can cause more damage
to company reputation. The cloud service providers are trying
to provide a secure work environment for users. However,
there is a lack of global standards and policies to invoke
security measures in cloud computing. This study aims to
highlight and classify security challenges and trust issues in the
cloud environment.
The survey was conducted in various institutions and
governmental organizations in Saudi Arabia to study the
opinions of stakeholders on cloud computing security
challenges and risks.
Links:
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
I want to thank everyone who attended this presentation at AFCOM Data Center World Fall 2011 in Orlando, FL.
Studies show the number of data centers deploying virtual cloud computing will rapidly increase in the next five years. Other studies show that the number of Internet attacks and their level of sophistication will also grow significantly. This session identifies approaches to reduce the risk of business disruptions resulting from inadequate virtual security controls in a data center. It will cover utilizing best practices for security configurations, measuring information security status, and making rational decisions about security investments.
Connect with me if you have any questions or need additional information.
Please favorite this if you like it. I look forward to seeing you again soon.
Regards,
Hector Del Castillo
http://linkd.in/hdelcastillo
Cloud computing is set of resources and services offered through the Internet. Cloud
services are delivered from data centers located throughout the world. Cloud computing
facilitates its consumers by providing virtual resources via internet. The biggest challenge in
cloud computing is the security and privacy problems caused by its multi-tenancy nature and the
outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting
cloud services for their businesses, measures need to be developed so that organizations can be assured
of security in their businesses and can choose a suitable vendor for their computing needs. Cloud
computing depends on the internet as a medium for users to access the required services at any time on
pay-per-use pattern. However this technology is still in its initial stages of development, as it suffers
from threats and vulnerabilities that prevent the users from trusting it. Various malicious activities
from illegal users have threatened this technology such as data misuse, inflexible access control and
limited monitoring. The occurrence of these threats may result into damaging or illegal access of
critical and confidential data of users. In this paper we identify the most vulnerable security
threats/attacks in cloud computing, which will enable both end users and vendors to know a bout
the k ey security threats associated with cloud computing and propose relevant solution directives to
strengthen security in the Cloud environment. We also propose secure cloud architecture for
organizations to strengthen the security.
Cloud computing is a revolutionary way of storing and accessing data with five essential characteristics, three service models, and four deployment models. Businesses have realized the tremendous potentiality and benefits of cloud computing and have accepted the technology, but still a small amount of scepticism hovers around. In defiance of its potential characteristics, the organizations risk their sensitive data by storing it in the cloud. In this paper, we have identified various privacy and security challenges associated with the novelty of cloud computing. The security and privacy challenge listed in this paper perceives demand for implementation of sophisticated technologies to deal with them. Gopal K. Shyam | Mir Abdul Samim Ansari"Security Concerns in Cloud Computing" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-5 , August 2018, URL: http://www.ijtsrd.com/papers/ijtsrd18306.pdf http://www.ijtsrd.com/computer-science/distributed-computing/18306/security-concerns-in-cloud-computing/gopal-k-shyam
Cloud computing security through symmetric cipher modelijcsit
Cloud computing can be defined as an application and services which runs on distributed network using
virtualized and it is accessed through internet protocols and networking. Cloud computing resources and
virtual and limitless and information’s of the physical systems on which software running are abstracted
from the user. Cloud Computing is a style of computing in which dynamically scalable and often virtualized
resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or
control over the technology infrastructure in the "cloud" that supports them. To satisfy the needs of the
users the concept is to incorporate technologies which have the common theme of reliance on the internet
Software and data are stored on the servers whereas cloud computing services are provided through
applications online which can be accessed from web browsers. Lack of security and access control is the
major drawback in the cloud computing as the users deal with sensitive data to public clouds .Multiple
virtual machine in cloud can access insecure information flows as service provider; therefore to implement
the cloud it is necessary to build security. Therefore the main aim of this paper is to provide cloud
computing security through symmetric cipher model. This article proposes symmetric cipher model in
order to implement cloud computing security so that data can accessed and stored securely.
Odontoma compuesto, Casos radiograficos, Dento Metric, Dr. Enrique Sierra Rosales, Cursos Tomografia computarizada cone beam On Line, Diplomado en Radiologìa Oral y Maxilofacial On Line, a distancia, Radiologia Bucal y Maxilofacial en Guadalajara, Jalisco, Mexico
Using Virtualization Technique to Increase Security and Reduce Energy Consump...IJORCS
An approach has been presented in this paper in order to generate a secure environment on internet Based Virtual Computing platform and also to reduce energy consumption in green cloud computing. The proposed approach constantly checks the accuracy of stored data by means of a central control service inside the network environment and also checks system security through isolating single virtual machines using a common virtual environment. This approach has been simulated on two types of Virtual Machine Manager (VMM) Quick EMUlator (Qemu), HVM (Hardware Virtual Machine) Xen and outputs of the simulation in VMInsight show that when service is getting singly used, the overhead of its performance will be increased. As a secure system, the proposed approach is able to recognize malicious behaviors and assure service security by means of operational integrity measurement. Moreover, the rate of system efficiency has been evaluated according to the amount of energy consumption on five applications (Defragmentation, Compression, Linux Boot Decompression and Kernel Boot). Therefore, this has been resulted that to secure multi-tenant environment, managers and supervisors should independently install a security monitoring system for each Virtual Machines (VMs) which will come up to have the management heavy workload of. While the proposed approach, can respond to all VM’s with just one virtual machine as a supervisor.
In the cloud, data is not tied to one server or even one group of servers, and it can be accessed from multiple devices simultaneously. To protect data, therefore, security solutions must shift from defense of a fixed perimeter towards an approach that protects the data as it travels from physical to virtual to cloud environments.
In the post-PC era, Trend Micro envisions a smart, data-centric security framework that advances the capabilities of our cloud-based Smart Protection Network™, adds smarter threat protection that correlates local threat intelligence; smarter data protection that follows and protects your data; and unified security management that increases visibility into data access and potential attacks.
This presentation was given at the Information Security Executive Summit on 28th / 29th February 2012
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...IJNSA Journal
Multi-cloud is an advanced version of cloud computing that allows its users to utilize different cloud systems from several Cloud Service Providers (CSPs) remotely. Although it is a very efficient computing
facility, threat detection, data protection, and vendor lock-in are the major security drawbacks of this infrastructure. These factors act as a catalyst in promoting serious cyber-crimes of the virtual world. Privacy and safety issues of a multi-cloud environment have been overviewed in this research paper. The
objective of this research is to analyze some logical automation and monitoring provisions, such as monitoring Cyber-physical Systems (CPS), home automation, automation in Big Data Infrastructure (BDI), Disaster Recovery (DR), and secret protection. The Results of this research investigation indicate that it is possible to avoid security snags of a multi-cloud interface by adopting these scientific solutions methodically.
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...csandit
Cloud computing is revolutionizing many ecosystems by providing organizations with
computing resources featuring easy deployment, connectivity, configuration, automation and
scalability. This paradigm shift raises a broad range of security and privacy issues that must be
taken into consideration. Multi-tenancy, loss of control, and trust are key challenges in cloud
computing environments. This paper reviews the existing technologies and a wide array of both
earlier and state-of-the-art projects on cloud security and privacy. We categorize the existing
research according to the cloud reference architecture orchestration, resource control, physical
resource, and cloud service management layers, in addition to reviewing the existing
developments in privacy-preserving sensitive data approaches in cloud computing such as
privacy threat modeling and privacy enhancing protocols and solutions.
Today, in the world of communication, connected systems is growing at a rapid pace. To accommodate this growth the need for computational power and storage is also increasing at a similar rate. Companies are investing a large amount of resources in buying, maintaining and ensuring availability of the system to their customers. To mitigate these issues, cloud computing is playing a major role [1]. The underlying concept of cloud computing dates back to the ‘50s but the term entering into widespread usage can be traced to 2006 when Amazon.com announced the Elastic Compute Cloud. In this paper, we will discuss about cloud security approaches. We have used the term “CloudDrain” to define data leakage in case of security compromise.
A traditional computing environment requires a costly
infrastructure to offer a better service to users. The introduction
of cloud computing has changed the working environment from
traditional to virtual. A larger number of IT companies are
utilizing the cloud. On the one hand, the cloud attracts more
number of consumers by offering services with minimized
capital cost and virtual infrastructure. On the other hand, there
are a risk and security challenges in cloud computing that
makes the user not to move completely towards it. The cloud
environment is more vulnerable to security breaches and data
theft. Moreover, insider attacks are more frequent in larger
enterprises. An unauthenticated user can cause more damage
to company reputation. The cloud service providers are trying
to provide a secure work environment for users. However,
there is a lack of global standards and policies to invoke
security measures in cloud computing. This study aims to
highlight and classify security challenges and trust issues in the
cloud environment.
The survey was conducted in various institutions and
governmental organizations in Saudi Arabia to study the
opinions of stakeholders on cloud computing security
challenges and risks.
Links:
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
I want to thank everyone who attended this presentation at AFCOM Data Center World Fall 2011 in Orlando, FL.
Studies show the number of data centers deploying virtual cloud computing will rapidly increase in the next five years. Other studies show that the number of Internet attacks and their level of sophistication will also grow significantly. This session identifies approaches to reduce the risk of business disruptions resulting from inadequate virtual security controls in a data center. It will cover utilizing best practices for security configurations, measuring information security status, and making rational decisions about security investments.
Connect with me if you have any questions or need additional information.
Please favorite this if you like it. I look forward to seeing you again soon.
Regards,
Hector Del Castillo
http://linkd.in/hdelcastillo
Cloud computing is set of resources and services offered through the Internet. Cloud
services are delivered from data centers located throughout the world. Cloud computing
facilitates its consumers by providing virtual resources via internet. The biggest challenge in
cloud computing is the security and privacy problems caused by its multi-tenancy nature and the
outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting
cloud services for their businesses, measures need to be developed so that organizations can be assured
of security in their businesses and can choose a suitable vendor for their computing needs. Cloud
computing depends on the internet as a medium for users to access the required services at any time on
pay-per-use pattern. However this technology is still in its initial stages of development, as it suffers
from threats and vulnerabilities that prevent the users from trusting it. Various malicious activities
from illegal users have threatened this technology such as data misuse, inflexible access control and
limited monitoring. The occurrence of these threats may result into damaging or illegal access of
critical and confidential data of users. In this paper we identify the most vulnerable security
threats/attacks in cloud computing, which will enable both end users and vendors to know a bout
the k ey security threats associated with cloud computing and propose relevant solution directives to
strengthen security in the Cloud environment. We also propose secure cloud architecture for
organizations to strengthen the security.
Cloud computing is a revolutionary way of storing and accessing data with five essential characteristics, three service models, and four deployment models. Businesses have realized the tremendous potentiality and benefits of cloud computing and have accepted the technology, but still a small amount of scepticism hovers around. In defiance of its potential characteristics, the organizations risk their sensitive data by storing it in the cloud. In this paper, we have identified various privacy and security challenges associated with the novelty of cloud computing. The security and privacy challenge listed in this paper perceives demand for implementation of sophisticated technologies to deal with them. Gopal K. Shyam | Mir Abdul Samim Ansari"Security Concerns in Cloud Computing" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-5 , August 2018, URL: http://www.ijtsrd.com/papers/ijtsrd18306.pdf http://www.ijtsrd.com/computer-science/distributed-computing/18306/security-concerns-in-cloud-computing/gopal-k-shyam
Cloud computing security through symmetric cipher modelijcsit
Cloud computing can be defined as an application and services which runs on distributed network using
virtualized and it is accessed through internet protocols and networking. Cloud computing resources and
virtual and limitless and information’s of the physical systems on which software running are abstracted
from the user. Cloud Computing is a style of computing in which dynamically scalable and often virtualized
resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or
control over the technology infrastructure in the "cloud" that supports them. To satisfy the needs of the
users the concept is to incorporate technologies which have the common theme of reliance on the internet
Software and data are stored on the servers whereas cloud computing services are provided through
applications online which can be accessed from web browsers. Lack of security and access control is the
major drawback in the cloud computing as the users deal with sensitive data to public clouds .Multiple
virtual machine in cloud can access insecure information flows as service provider; therefore to implement
the cloud it is necessary to build security. Therefore the main aim of this paper is to provide cloud
computing security through symmetric cipher model. This article proposes symmetric cipher model in
order to implement cloud computing security so that data can accessed and stored securely.
Odontoma compuesto, Casos radiograficos, Dento Metric, Dr. Enrique Sierra Rosales, Cursos Tomografia computarizada cone beam On Line, Diplomado en Radiologìa Oral y Maxilofacial On Line, a distancia, Radiologia Bucal y Maxilofacial en Guadalajara, Jalisco, Mexico
My Wealth Campaign is a global, financial fitness coaching network designed to take the willing from zero to hero in five simple stages. Peer-to-Peer Collaboration
Gulfstream Healthcare Technology GHT provides quality healthcare technology information for better healthcare information exchange electronically that is Useful in research and analysis of health in the country.
Back That Computer Up - Preventing disasters in the age of the cloud.NovaStor
Hard drives have a limited lifespan, and storing data in the cloud brings about a number of questions. NovaStor is your backup and restore expert, asking the tough questions about data protection, and helping millions to secure their data with award winning software.
Learn more about NovaBACKUP software at: http://www.novastor.com
Are you a technology provider? Become a partner! http://www.novastor.com/partner
Migration of Virtual Machine to improve the Security in Cloud Computing IJECEIAES
Cloud services help individuals and organization to use data that are managed by third parties or another person at remote locations. With the increase in the development of cloud computing environment, the security has become the major concern that has been raised more consistently in order to move data and applications to the cloud as individuals do not trust the third party cloud computing providers with their private and most sensitive data and information. This paper presents, the migration of virtual machine to improve the security in cloud computing. Virtual machine (VM) is an emulation of a particular computer system. In cloud computing, virtual machine migration is a useful tool for migrating operating system instances across multiple physical machines. It is used to load balancing, fault management, low-level system maintenance and reduce energy consumption. Virtual machine (VM) migration is a powerful management technique that gives data center operators the ability to adapt the placement of VMs in order to better satisfy performance objectives, improve resource utilization and communication locality, achieve fault tolerance, reduce energy consumption, and facilitate system maintenance activities. In the migration based security approach, proposed the placement of VMs can make enormous difference in terms of security levels. On the bases of survivability analysis of VMs and Discrete Time Markov Chain (DTMC) analysis, we design an algorithm that generates a secure placement arrangement that the guest VMs can moves before succeeds the attack.
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environmentsmlaij
Incredible and amazing growths in the meadow of extranet, internet, intranet and its users have developed an innovative period of great global competition and contention. Denial of service attack by several computers is accomplished of distressing the services of competitor servers. The attack can be done for various reasons. So it is a key threat for cloud environment. Distributed-Denial of Service (DDoS) is a key intimidation to network and cloud computing security. Cloud computing Network is a group of nodes that interrelate with each other for switch over the information. So security is the major issue. There are several security attacks in cloud computing. One of the major intimidations to internet examine is DDoS attack. It is a malevolent effort to suspending or suspends services to destination node. DDoS or DoS is an effort to create network resource or the machine is busy to its intentional user. Numerous thoughts are developed for avoid the DDoS or DoS. DDoS occur in two different behaviours they may happen obviously or it may due to some attackers.
Challenges and Mechanisms for Securing Data in Mobile Cloud Computingijcnes
Cloud computing enables users to utilize the services of computing resources. Now days computing resources in mobile applications are being delivered with cloud computing. As there is a growing need for new mobile applications, usage of cloud computing can not be overlooked. Cloud service providers offers the services for the data request in a remote server. Virtualization aspect of cloud computing in mobile applications felicitates better utilization of resources. The industry needs to address the foremost security risk in the underlying technology. The cloud computing environment in mobile applications aggravated with various security problems. This paper addresses challenges in securing data in cloud for mobile Cloud computing and few mechanisms to overcome.
IT Security Risk Mitigation Report: Virtualization SecurityBooz Allen Hamilton
Security is a major area of concern for any organization deploying a virtual environment. The introduction of VMs has created security considerations unheard of just a few years ago. This report provides insight into managing these new risks, and shows how Booz Allen’s expertise helps organizations develop comprehensive and secure virtualization solutions that comply with federal security standards.
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...cscpconf
Cloud computing is revolutionizing many ecosystems by providing organizations with computing resources featuring easy deployment, connectivity, configuration, automation and scalability. This paradigm shift raises a broad range of security and privacy issues that must be taken into consideration. Multi-tenancy, loss of control, and trust are key challenges in cloud computing environments. This paper reviews the existing technologies and a wide array of both earlier and state-of-the-art projects on cloud security and privacy. We categorize the existing research according to the cloud reference architecture orchestration, resource control, physical resource, and cloud service management layers, in addition to reviewing the existing developments in privacy-preserving sensitive data approaches in cloud computing such as privacy threat modeling and privacy enhancing protocols and solutions.
Establishing applications on on-demand infrastructures rather of building applica-tions on fixed and rigid infrastructures was provided by cloud computing provides. By merely exploiting into the cloud, initiatives can gain fast access to business applications or infrastructure resources with decreased Capital Expenditure (CAPEX). The more and more information is placed into the cloud by someone and initiatives, security issues begins to develop and raised. This paper discusses the different security issues that rise up about how secure the mo-bile cloud computing environment.
Virtualization and virtual situations are major basics for files input in cloud adding. It is assistances for together the visitor user and the worker while it provides the first with the features needed to execute his demand, it gives the second the capacity to be cover different guests with no extra cost. The essential component in a virtual design is called hypervisor, having extra-privileges, which makes it able to play major role of dealing the input of data and funds. This hypervisor has many advantages regarding the cost, the simplicity of performance, the availability. But in the other hand, the major character played by this group makes it the faultless target for mean users targeting to attack the near system. Arun Prasath. M | Mrs. T. Sathiyabama "Virtualization in Cloud Computing" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-6 , October 2018, URL: http://www.ijtsrd.com/papers/ijtsrd18665.pdf
This paper describes the concept of implementing the network vulnerability assessment process as a web service in Eucalyptus cloud.This paper is published in one of the international conferences.I implemented the mentioned concept during my M.E. thesis.
A SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTINGijcsit
Virtualization has become a widely and attractive employed technology in cloud computing environments. Sharing of a single physical machine between multiple isolated virtual machines leading to a more optimized hardware usage, as well as make the migration and management of a virtual system more efficiently than its physical counterpart. Virtualization is a fundamental technology in a cloud environment. However, the presence of an additional abstraction layer among software and hardware causes new security issues. Security issues related to virtualization technology have become a significant concern for organizations due to arising some new security challenges.
Similar to An Architecture for Providing Security to Cloud Resources (20)
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
This slide is special for master students (MIBS & MIFB) in UUM. Also useful for readers who are interested in the topic of contemporary Islamic banking.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
A review of the growth of the Israel Genealogy Research Association Database Collection for the last 12 months. Our collection is now passed the 3 million mark and still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionTechSoup
Let’s explore the intersection of technology and equity in the final session of our DEI series. Discover how AI tools, like ChatGPT, can be used to support and enhance your nonprofit's DEI initiatives. Participants will gain insights into practical AI applications and get tips for leveraging technology to advance their DEI goals.
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
An Architecture for Providing Security to Cloud Resources
1. International Conference on Emerging Technology Trends (ICETT) 2011
Proceedings published by International Journal of Computer Applications® (IJCA)
An Architecture for Providing Security to Cloud
Resources
Niranjana Padmanabhan Bijolin Edwin E
Lecturer Lecturer
CS Department IT Department
S.N College of Engineering and Karunya University, India
Technology, India
ABSTRACT be audited due to the dynamic and fluid nature of virtual
One of the major challenges in Cloud computing is providing machines. Also, the co-location of multiple virtual machines
security to the cloud resources. In present paper, we make use of increases the attack surface and risk of virtual machine-to-virtual
the concept of virtualization to protect the cloud components machine compromise. The main focus of this paper is on the
and the integrity of guest virtual machines. To guarantee controlled sharing of resources. Such sharing is not controlled
increased security to cloud resources, an architecture called by any formal policy in current hypervisor systems. This lack of
Cloud Protection System (CPS) is proposed. CPS remains fully formality makes it difficult to reason about the effectiveness of
transparent to the cloud components and the guest virtual isolation between VMs. In the following sections we show how
machines since it is implemented on the base machine and CPS can leverage full virtualization to provide increased
monitors the integrity of guest virtual machines. Also, we protection to actually deployed cloud systems such as
propose an architecture called HypeSec, which can be integrated Eucalyptus. Also, HypeSec architecture is integrated in the
in the hypervisor Qemu, where it controls all inter-VM hypervisor Qemu, where it controls all inter-VM communication
communication according to formal security policies. The according to formal security policies.
architecture CPS is fully implemented using Eucalyptus cloud
environment, and Qemu as the hypervisor. The effectiveness of
2. RELATED WORK
the prototype is shown by testing it against the Sebek rootkit The survey on cloud computing presented in Armbrust et al.
attack. (2009) have been the starting point of our work. There are many
research papers on integrity checking mechanisms and intrusion
General Terms detection solutions. Those mechanisms can be successfully
Cloud computing, virtual machine, security. applied to cloud computing as well. For example, the Filesystem
Integrity Tools and Intrusion Detection Systems such as
Keywords Tripwire (Kim and Spafford, 1994) and AIDE (AIDE team,
Eucalyptus, Hypervisor, Qemu, virtualization. 2005) can be deployed in virtual machines. But they are subject
to attacks possibly coming from a guest machine user who has
1. INTRODUCTION turned the machine into a malicious one. In addition to this,
Cloud computing is a consequence of economic, commercial, when an attacker finds out that the target machine is in a virtual
cultural and technological conditions that have combined to environment, it may attempt to break out of the virtual
cause a disruptive shift in information technology towards a environment through vulnerabilities (Secunia, 2009) in the
service-based economy. The underlying driver of this change is Virtual Machine Monitor (VMM). Most of the approaches
the commoditization of IT. Even though unresolved security and present today, leverage VMM isolation properties to secure
privacy issues are slowing down their adoption and success, VMs by leveraging various levels of virtual introspection.
cloud nodes are increasingly popular. Since the cloud nodes are Virtual introspection (Jiang et al., 2007) is a process in which
exposed to third parties of services and interfaces, they are more the VMM monitors the state of a VM. SecVisor (Seshadri et al.,
vulnerable to cyber attacks. The cloud in fact is the internet, 2007) Lares (Payne et al., 2008) and KVM-L4 (Peter et al.,
with all the positives and negatives of it. Hence providing 2009), to name a few, leverage virtualization to monitor the
security to the cloud is a challenging task. Thus it is crucial to integrity of the guest kernel code from a privileged virtual
identify the possible threats that could occur and to establish machine or from the Virtual Machine Monitor, also known as
security processes to protect the cloud from attacks. Virtual the hypervisor. Finally, the paper called Transparent security for
Machines (VM’s) on the Internet are exposed to many kinds of cloud (Lombardi and Di Pietro, 2010) was studied to know what
interactions that virtualization technology can help filtering are the security measures taken for protecting the integrity of the
while assuring a higher degree of security. To provide virtual machines in the cloud. It can be seen that this paper and
monitoring of VMs, allowing easier management of the security our work share some similarity in terms of positioning of the
of complex cluster, server farms, and cloud computing protection components. In Transparent security for cloud, the
infrastructures, virtualization can also be used as a security authors have considered the case in which security is provided in
component. However, with respect to security, the virtualization an environment where there is only a single virtual machine that
technologies create new potential concerns. It will be difficult to has gone malicious. Furthermore in Secure virtualization for
maintain the consistency of security and ensure that records can cloud computing (Lombardi and Di Pietro, June 2010), again by
34
2. International Conference on Emerging Technology Trends (ICETT) 2011
Proceedings published by International Journal of Computer Applications® (IJCA)
the same authors considers the scenario where there are two users to focus on innovation. IaaS can be defined as the delivery
virtual machines connected to a host and one of it has turned out of computer infrastructure (typically a platform virtualization
to be malicious. But the chance of a compromised virtual environment) as a service. IaaS leverages services, significant
machine that has become malicious affecting the next virtual technology and data center investments to deliver IT as a service
machine (due to the dynamic and fluid nature of virtual to customers. Unlike traditional outsourcing, which requires
machines) is vaguely explained. Our work shows that by complex, lengthy contract vehicles, extensive due diligence,
providing an access control feature in the VMM, we can safe negotiations ad infinitum, IaaS is centered around a model of
guard a virtual machine from being infected by a malicious one. service delivery that provisions a predefined, standardized
infrastructure specifically optimized for the customer’s
3. BACKGROUND applications. IaaS customers essentially rent the resources as a
Cloud computing is Internet-based computing, whereby shared fully outsourced service rather than purchasing data center
resources, software, and information are provided to computers space, servers, software, network equipment, etc. Usually, the
and other devices on demand. In cloud computing, details are service is billed on a monthly basis, just like a utility company
abstracted from the users, who no longer have need for expertise bills customers. The customer is charged based on the amount of
in, or control over, the technology infrastructure "in the cloud" resources he has consumed. In our work, we have focused
that supports them. Cloud computing typically involves over- mainly on the ‘lowest’’ computational layer (i.e. IaaS) because
the-Internet provision of dynamically scalable and often we can more effectively provide a security foundation on top of
virtualized resources. In general, cloud computing customers which more secure services can be offered. Out of the cloud
rent usage from a third-party provider thus avoiding capital computing systems that exist today, most of them are proprietary
expenditure. The cloud customers consume resources as a (even though APIs are open and well known) and they do not
service and pay only for the resources that they use. We can say allow integration with other systems or any kind of
that cloud computing is a form of utility computing wherein the enhancements for research purpose. Because of this is reason,
customers are charged according to the amount of resources that we have chosen Eucalyptus.
they use. The utilization rates are improved by sharing
"perishable and intangible" computing power among multiple 4. CLOUD PROTECTION SYSTEM
tenants, as servers are not unnecessarily left idle (which can In the proposed Cloud Protection System (CPS), the guest
reduce costs significantly while increasing the speed of virtual machine is monitored by the host to ensure that the
application development). But a side-effect of this approach is integrity of the virtual machine is protected. We mainly monitor
that the overall computer usage rises dramatically, as customers the kernel code or data that would be targeted (or) affected by
do not have to engineer for peak load limits. In addition, it is attacks to provide protection to the virtual machines and the
possible to receive the same response times from centralized cloud infrastructure. Thus any modification to the kernel code
infrastructure at other sites due to "increased high-speed and data is detected by monitoring the cloud components and the
bandwidth”. The concepts such as virtualization, distributed kernel (of virtual machine). This monitoring guarantees that the
computing and utility computing are applied within the cloud integrity of the virtual machine kernel and the cloud middleware
paradigm. Cloud services are available at different layers like have not been compromised. Now how we monitor the integrity
Software as a Service (SaaS), Platform as a Service (PaaS) and of cloud components is by logging in and verifying the
Infrastructure as a Service (IaaS). The traditional way of checksum of cloud libraries and executable files periodically.
software distribution, wherein the software is purchased for and The high level description of CPS is shown in Figure 1. The
installed on personal computers, is sometimes referred to as monitoring data flows are depicted as continuous lines in green
Software-as-a-Product. Software-as-a-Service is a term given to color where as the dangerous data flows are shown as dashed
the software distribution model in which the applications are lines (red). All the CPS modules- the Interceptor, Warning
hosted by a vendor or service provider and made available to Recorder, Warning Queue and the Evaluator are located on the
customers over a network, typically the Internet. As the base machine (host). The Interceptor component notices any
underlying technologies that support web services and service- suspicious guest activities like for example, system_call
oriented architecture (SOA) mature and new developmental invocation and it is recorded by the Warning Recorder into the
approaches become popular, SaaS is becoming an increasingly Warning Queue (WQ). Then the threat will be evaluated by the
prevalent delivery model. SaaS is also often associated with a Evaluator component. Our protection system called CPS is
pay-as-you-go subscription licensing model. The next cloud implemented over Eucalyptus cloud environment. Eucalyptus
service known as the Platform-as-a-Service allows us to include (Nurmi etal.,2009) consists of: a Node Controller (NC) that
platforms for building and running custom web-based controls the execution, inspection, and termination of VM
application. It is an outgrowth of the SaaS application delivery instances on the host where it runs; a Cluster Controller (CC)
model. We can say that the PaaS model makes all of the that gathers information about VM and schedules VM execution
facilities required to support the complete life cycle of building on specific node controllers; further, it manages virtual instance
and delivering web applications and services entirely available networks; a Storage Controller (SC)—Walrus—that is, a storage
from the Internet, without any software downloads or service providing a mechanism for storing an accessing VM
installation for developers, IT managers, or end users. In the images and user data; a Cloud Controller (CLC), the web
IaaS model, the developers can/may create a specific operating services entry point for users and administrators that make high
system instance with home grown applications running. Unlike level scheduling decisions. The NC runs on every node hosting
this model, PaaS developers are concerned only with web based VM instances. The NC activity and integrity is mainly
development and generally do not care what operating system is monitored, as it is the key component for our cloud
used. Rather than complex infrastructure, PaaS services allow implementation.
35
3. International Conference on Emerging Technology Trends (ICETT) 2011
Proceedings published by International Journal of Computer Applications® (IJCA)
Fig 1: Cloud Protection System
Now, if any dangerous alteration in the guest VM is detected, This architecture named HypeSec can have an Access Control
CPS can take actions like shutting down the VM or restarting a Module (ACM) incorporated with the Qemu hypervisor which
clean image. An attack can be implemented by inserting a will exercise access control between VMs, isolation of virtual
rootkit in the guest VM. For instance we can insert Sebek, which resources, resource control etc. The ACM authorizes access of
is a kernel module that hides its presence and intercepts file VMs to resources based on certain policy rules attached to VMs.
system and network activity. It alters the syscall table and One policy can be like administrators must ensure that certain
changes the execution flow to execute any malicious code. CPS VMs (and their supported workload types) cannot run on the
can detect both the alteration of the syscall table and the change same hypervisor system at the same time. Based on such
in the checksum of kernel files on virtual storage. Now if there policies, the ACM can decide on whether to allow
are many virtual machines installed in a single system and one communication among virtual machines or not. This feature
virtual machine has gone malicious, then it will affect the enhances the security provided by the CPS.
remaining virtual machines in no time. That is, the co-location
of multiple virtual machines increases the attack surface and risk 5. ATTACK IMPLEMENTATION
of virtual machine-to-virtual machine compromise. Hence along First we checked how our protection system reacted by making a
with CPS, we can include a security feature in the hypervisor single virtual machine malicious. We did so by inserting a
Qemu to provide better protection. We kept the name as module inside the kernel of the virtual machine which altered its
HypeSec since we add the security feature in the hypervisor. syscall table and changed the execution flow so as to execute the
The block diagram of HypeSec is depicted in Figure 2.
malicious code. This alteration was identified by the CPS
components at the base system by the change in the value of
checksum generated after the syscall table was altered. After
detecting the alteration, the virtual machine was made to be
powered off. When this was found successful, we next made
some additions to the Qemu code so that the Qemu hypervisor
will exercise some access control method when there is more
than one virtual machine on the base system and one among
those is compromised. That is, once it is found out that a virtual
machine is malicious, the Qemu hypervisor will change the
Fig 2: Block diagram of HypeSec access rights of the compromised virtual machine in such a way
that it cannot communicate with the other VMs thus avoiding
36
4. International Conference on Emerging Technology Trends (ICETT) 2011
Proceedings published by International Journal of Computer Applications® (IJCA)
the attack on the non malicious VMs. Then the compromised [3] Seshadri A, Luk M, Qu N, Perrig A. Secvisor: a tiny
virtual machine was made to be powered off in order to avoid it hypervisor to provide life time kernel code integrity for
from affecting the critical kernel code or data of the base system. commodity oses. In SOSP’07: Proceedings of twenty first
ACM SIGOPS symposium on operating systems principles,
This was done after the CPS components detected the change in
ACM, New York, NY, USA, 2007. p. 335–50.
the syscall table checksum of the malicious VM. There is of
course a small amount of overhead introduced by this technique [4] Payne BD, Carbone M, Sharif M, Lee W. Lares: An
architecture for secure active monitoring using
but compared with the detection capability of our system, it can
virtualization. In SP ’08: Proceedings of the 2008 IEEE
be neglected. symposium on security and privacy (sp2008), IEEE
Computer Society, Washington, DC, USA, 2008. pp. 233-
6. CONCLUSION 47.
In this paper, we have introduced an architecture named Cloud [5] Lombardi F, Di Pietro R. Kvmsec: a security extension for
Protection System that can provide security to the cloud linux kernel virtual machines. In SAC ’09: Proceedings of
resources via virtualization. CPS monitors the guest and the the 2009 ACM symposium on applied Computing, ACM,
middleware components and ensures that the integrity has not New York, NY, USA, 2009. pp. 2029–34.
been compromised. To enhance the security provided, HypeSec
architecture is proposed which is integrated along with the [6] Qumranet. Linux kernel virtual machine.
hypervisor Qemu. CPS combined with HypeSec can be http://kvm.qumranet.com.
deployed on any cloud implementation. Our protection system [7] Peter M, Schild H, Lackorzynski A, Warg A. Virtual
ensures that the integrity of the virtual machines is not machines jailed: virtualization in systems with small trusted
compromised. computing bases. In VDTS ’09: Proceedings of the 1st
EuroSys Workshop on virtualization technology for
7. ACKNOWLEDGMENTS dependable systems, ACM, New York, NY, USA, 2009.
Our thanks to the experts who have contributed towards the p.18–23.
development of this paper. [8] Rhee J, Riley R, Xu D, Jiang X. Defeating dynamic data
kernel rootkit attacks via vmm-based guest transparent
8. REFERENCES monitoring. Availability, Reliability and Security, 2009.
[1] Armbrust M, Fox A, Griffith R. Above the clouds: A ARES ’09.
Berkeley view of cloud computing. Technical Report [9] Lombardi F, Di Pietro R. Transparent security for cloud. In
UCB/EECS-2009-28, EECS Department, University of SAC’10: Proceedings of the 2010 ACM symposium on
California, Berkeley, February 2009. applied computing.
[2] Bellard F. Qemu, a fast and portable dynamic translator. In [10] Lombardi F, Di Pietro R. Secure virtualization for cloud
ATEC ’05: Proceedings of the annual conference on computing. In Elsevier, June 2010: Journal of Network and
USENIX annual technical conference, Berkeley, CA, USA, Computer Applications.
2005. USENIX Association, p. 41.
37