ISSN: XXXX-XXXX Volume X, Issue X, Month Year
Problems and Solutions: Infrastructure as a Service Security in Cloud
Ashok Kumar H
Dept of Computer Science and Engineering
BTL Institute of Technology
Bangalore, India
ashokhoskera@gmail.com
Abstract: Cloud Computing, a trend in computing models, raises many security issues at all levels, such as network, application, data and host. These models pose different security challenges depending on the consumers' and the models' QoS (quality of service) requirements. Privacy, authentication and secrecy are the main concerns for both consumers and cloud providers. IaaS serves as the base for the other models; if security in this model is uncertain, it will affect the other models too. This paper examines the exposures and countermeasures. As a result of this research, we propose a security assessment and improvement for the IaaS layer.
1. Introduction
The essential delivery models of Cloud Computing are Software, Platform and Infrastructure as a service. Customers access these models as services over the Internet on a pay-as-you-need basis, paying only for the resources they use for the time they use them, unlike other services such as web hosting. The price varies with the QoS requirements. Based on their relationship with the organization, clouds are classified as Public, Hybrid and Private. A private cloud refers to an organization's internal datacenters that are not available to the general public. Some of the emerging and renowned Cloud Computing platforms are Amazon, Windows Azure, etc. Cloud computing and SOA (Software Oriented Architecture) are often confused; they are considered complementary services which share common characteristics. SOA is a set of rules, principles and methodologies designed to help communication and system integration irrespective of development languages and platforms, while cloud computing is intended to let companies use bulk capacity instantly without investing in newer infrastructure, training, recruiting new staff or licensing software.
Cloud Computing depends on IaaS to provide cheap, pay-as-you-go power for data storage and other shared resources.
Fig: a) Cloud Delivery Models
We looked into the security of each IaaS component: Utility Computing (UC), Service Level Agreement (SLA), Platform Virtualization, Networks and Internet Connectivity, and Computer Hardware.
[Fig. a labels: Component as a Service (CaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), Servers Virtualization, Cloud Computing]
International Journal of Innovatory research in Science and Management - IJIRSM
2. IAAS Components
IaaS consists of several components which have been developed over the years, but applying them in an outsourced and shared environment carries multiple challenges; breaching the security of any component will collapse the entire system.
A. Service level Agreement (SLA).
Cloud Computing brings a set of IT management complexities, and using an SLA is the answer to assure an acceptable level of QoS. An SLA encompasses contract definition, negotiation, monitoring and enhancement. The contract definition and negotiation stage is very important for understanding the benefits and responsibilities of each party. Any mistake will affect security and leave the client exposed to vulnerabilities. Monitoring and enforcing the SLA is important to build trust with the client.
B. Utility Computing
This concept is not new. It plays a crucial role in grid computing development. It bundles resources (e.g. bandwidth, storage, etc.) as a measured service. It reduces the cost of owning resources: the client pays as per usage, and it has been developed to help scalable systems. Amazon allows a second-level method to measure the usage of AWS services and bill the user according to the prices.
C. Cloud Software
There exist many open-source cloud software implementations, such as Nimbus, which bind the cloud components together. However, there is no assurance that such software is free of bugs, and it provides many software APIs to perform management functions.
D. Platform Virtualization
Virtualization is a basic technology used in cloud services. It allows many stand-alone systems to be assembled on a single platform by virtualizing computing resources (e.g. CPU, memory, network and storage). Virtualization allows scalability and multi-tenancy.
E. Network and Internet Connectivity
To observe availability and performance, cloud infrastructure spans multiple geographical sites to minimize the response time and the damage of unpredicted disasters. Each site is connected locally as a LAN and is connected with the other sites by high-speed Internet connections. Together these sites compose the cloud infrastructure, which serves remote clients through the Internet. Thus, the cloud is left with the conventional vulnerabilities of both the Internet and computer networks.
Logical network segmentation: A restrictive and structured network configuration needs to be applied in IaaS environments alongside the hypervisor isolation power. VLANs provide isolated segments to prevent external VMs from monitoring the internal traffic; for instance, bridges forward unicast and broadcast traffic on a VLAN segment only to VMs which have a virtual interface in that segment. The administrator needs to choose the best connection model, i.e., NAT, routing or simple bridging between VLANs. Thus, virtual networks avoid wasting bandwidth and offer more security and performance.
Implementing firewalls: Using firewalls, we enforce the organization's security policy by implementing certain rules to check the traffic based on source IP address and service port.
Traffic encryption: To access the outsourced infrastructure on clouds, clients need secure channels to ensure the integrity and privacy of transferred data. VPNs provide an encrypted tunnel between client and provider using Layer2
Network monitoring: In the IaaS model, providers are responsible for monitoring the network to sustain an acceptable QoS. The monitoring process includes detection of faults and malicious activity, and troubleshooting. In the cloud, network monitoring is not as simple as in a traditional network, because the cloud is geographically distributed and depends significantly on resource sharing. Moreover, cloud infrastructure is a public environment which contains multiple monitoring records that refer to anonymous users.
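The segmentation and firewall checks described above, modeled in Python as an added example (not code from the paper). The VM names, VLAN IDs, addresses and rules are constructed for illustration, and bridge_deliver and firewall_decision are hypothetical helper names.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed topology: VM name -> VLAN IDs in which it has a virtual interface.
VM_VLANS = {
    "web-1": {10},
    "web-2": {10},
    "db-1": {20},
    "tenant-b-vm": {30},
}

def bridge_deliver(sender: str, vlan: int) -> set:
    """Return the VMs that receive a broadcast frame sent on `vlan`.

    The bridge floods only to VMs with a virtual interface in that segment,
    and drops the frame if the sender itself is not attached to it.
    """
    if vlan not in VM_VLANS.get(sender, set()):
        return set()
    return {vm for vm, vlans in VM_VLANS.items() if vlan in vlans and vm != sender}

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    source: str           # CIDR block the source IP must fall in
    port: Optional[int]   # destination service port; None matches any port

# Constructed inter-VLAN policy, evaluated top to bottom.
RULES = [
    Rule("deny", "10.0.30.0/24", None),   # other tenant's segment never crosses over
    Rule("allow", "10.0.10.0/24", 5432),  # web segment -> database service
    Rule("allow", "0.0.0.0/0", 443),      # any source -> HTTPS front end
]

def firewall_decision(src_ip: str, dst_port: int, rules=RULES) -> str:
    """First matching rule wins; traffic matching no rule is denied."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        in_net = addr in ipaddress.ip_network(rule.source)
        if in_net and rule.port in (None, dst_port):
            return rule.action
    return "deny"

if __name__ == "__main__":
    print(bridge_deliver("web-1", 10))           # only VMs sharing VLAN 10
    print(firewall_decision("10.0.10.5", 5432))  # web segment to database
    print(firewall_decision("10.0.30.9", 443))   # tenant deny rule matches first
    print(firewall_decision("10.0.20.7", 22))    # no rule matches: default deny
```

Rule order matters here: the tenant deny rule sits above the broad HTTPS allow, so a source in 10.0.30.0/24 is refused even on port 443.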
F. Computer Hardware
IaaS offers an interface to a pool of distributed physical resources (e.g., network components, storage devices and CPUs) and delivers a shared business model to serve many users. Virtualization, as we have seen previously, can keep shared computer resources secure and can control communication at the network level and the hardware level. Even though many private organizations usually move hardware components to locked rooms accessible only to trusted and authorized persons in order to protect the resources, a survey showed that over 70% of attacks on organizations' confidential data occur internally.
Computing resources: An attacker may gain physical access to the machine. Depending on the attacker's intention, there are several scenarios. The first scenario is denial of service by switching off the machine or removing any of the hardware resources. This is not a common attack, but it can spoil the company's reputation. Hence, IaaS providers should carefully control access to the physical resources. The second scenario is to steal or corrupt a company's specific data, for the benefit of other companies or for the attacker's own.
Storage resources: IaaS providers play a very essential role in protecting the clients' data. Whatever the level of data security, the data can still be part of retired or replaced storage devices. Usually, companies do not have a restrictive policy to manage retired devices, which could accidentally be given to untrusted people. Every organization is supposed to assure the security of clients' data throughout its life cycle. Encryption would be a better solution, but it might prevent other users from accessing the data.
3. SECURITY MODEL FOR IAAS
As a result of this research, we propose a Security Model for IaaS (SMI) as a guide for providing and raising security for each layer in the IaaS delivery model, as shown in Fig. b. The SMI model consists of three sides: the security model, the restriction level and the IaaS component model. The front side of the cubic model is IaaS. The security model includes three vertical entities, where each entity covers all IaaS components. The first entity is the Secure Configuration Policy (SCP), which assures secure configuration for every layer in IaaS: software, hardware or SLA configurations; usually, misconfiguration incidents could endanger the entire security of the system. The second is the Secure Resources Management Policy (SRMP), which controls the privileges and management roles. The last entity is Security Policy Monitoring and Auditing (SPMA), which is important to track the system life cycle. The restriction policy side specifies the level of restriction for the security model entities. The level of restriction ranges from loose to tight, depending on the client, the provider and the service requirements.
Fig b) Security Model for IaaS
4. CONCLUSION
IaaS is the foundation layer of the Cloud Computing delivery model, and it consists of multiple components and technologies. Each component in a cloud infrastructure service has its own vulnerabilities, which may have an impact on the security of the whole cloud. In this paper, we tried to investigate the security challenges associated with IaaS implementation and deployment. Based on our research, we tried to propose a few solutions for the existing models of IaaS.
| IaaS Component | Threats/Challenges | Solutions |
|---|---|---|
| Service Level Agreement (SLA) | Enforcing SLA, Monitoring of SLA, and Monitor QoS attributes. | SLA monitoring and enforcement in SOA and Web Service Level Agreement (WSLA) framework. |
| Utility Computing | Billing with multiple levels of providers, measuring. On-demand billing system availability. | Amazon Dev Pay. |
| Cloud Software | Attacks against web services, Attacks against XML. | SOAP Security Extensions, XML Signature and XML Encryption. |
| Networks & Internet connectivity | DDOS. Man-In-The-Middle attack (MITM). IP Spoofing. DNS security and port scanning. | Intrusion Detection System and Intrusion Prevention System (IPS). Logical Network segmentation and Firewalls. Traffic encryption. Network monitoring. |
| Virtualization | Security threats sourced from host: Monitoring VMs from host; VMs modification; Communications between VMs and host. Security threats sourced from VM: Monitoring VMs from other VM; Communication between VMs; Virtual machines; VMs provisioning and migration; Mobility; Resources Denial of Service. | Security threats sourced from host: Terra; Trusted Virtual Datacenter (TVDc); Mandatory Access Control (MAC); Trusted Cloud Computing Platform. Security threats sourced from VM: IPSec; Encryption; Xen Security through Disaggregation; LoBot architecture for secure provisioning & migration VM; VPN. |
| Computer Hardware | Physical attacks against computer hardware. Data security on retired or replaced storage devices. | High secure locked rooms with monitoring appliances. Multi-parties accessibility to encrypted storage. Transparent cryptographic file systems. Self-encrypting enterprise tape drive TS1120. |