International Conference on Emerging Technology Trends (ICETT) 2011
                                                           Proceedings published by International Journal of Computer Applications® (IJCA)



An Architecture for Providing Security to Cloud Resources

Niranjana Padmanabhan, Lecturer, CS Department, S.N College of Engineering and Technology, India
Bijolin Edwin E, Lecturer, IT Department, Karunya University, India



ABSTRACT
One of the major challenges in Cloud computing is providing security to the cloud resources. In the present paper, we make use of the concept of virtualization to protect the cloud components and the integrity of guest virtual machines. To guarantee increased security to cloud resources, an architecture called Cloud Protection System (CPS) is proposed. CPS remains fully transparent to the cloud components and the guest virtual machines since it is implemented on the base machine and monitors the integrity of guest virtual machines. Also, we propose an architecture called HypeSec, which can be integrated in the hypervisor Qemu, where it controls all inter-VM communication according to formal security policies. The architecture CPS is fully implemented using Eucalyptus cloud environment, and Qemu as the hypervisor. The effectiveness of the prototype is shown by testing it against the Sebek rootkit attack.

General Terms
Cloud computing, virtual machine, security.

Keywords
Eucalyptus, Hypervisor, Qemu, virtualization.

1. INTRODUCTION
Cloud computing is a consequence of economic, commercial, cultural and technological conditions that have combined to cause a disruptive shift in information technology towards a service-based economy. The underlying driver of this change is the commoditization of IT. Even though unresolved security and privacy issues are slowing down their adoption and success, cloud nodes are increasingly popular. Since the cloud nodes are exposed to third parties of services and interfaces, they are more vulnerable to cyber attacks. The cloud in fact is the internet, with all the positives and negatives of it. Hence providing security to the cloud is a challenging task. Thus it is crucial to identify the possible threats that could occur and to establish security processes to protect the cloud from attacks. Virtual Machines (VMs) on the Internet are exposed to many kinds of interactions that virtualization technology can help filter while assuring a higher degree of security. To provide monitoring of VMs, allowing easier management of the security of complex cluster, server farms, and cloud computing infrastructures, virtualization can also be used as a security component. However, with respect to security, the virtualization technologies create new potential concerns. It will be difficult to maintain the consistency of security and ensure that records can be audited due to the dynamic and fluid nature of virtual machines. Also, the co-location of multiple virtual machines increases the attack surface and risk of virtual machine-to-virtual machine compromise. The main focus of this paper is on the controlled sharing of resources. Such sharing is not controlled by any formal policy in current hypervisor systems. This lack of formality makes it difficult to reason about the effectiveness of isolation between VMs. In the following sections we show how CPS can leverage full virtualization to provide increased protection to actually deployed cloud systems such as Eucalyptus. Also, HypeSec architecture is integrated in the hypervisor Qemu, where it controls all inter-VM communication according to formal security policies.

2. RELATED WORK
The survey on cloud computing presented in Armbrust et al. (2009) has been the starting point of our work. There are many research papers on integrity checking mechanisms and intrusion detection solutions. Those mechanisms can be successfully applied to cloud computing as well. For example, the Filesystem Integrity Tools and Intrusion Detection Systems such as Tripwire (Kim and Spafford, 1994) and AIDE (AIDE team, 2005) can be deployed in virtual machines. But they are subject to attacks possibly coming from a guest machine user who has turned the machine into a malicious one. In addition to this, when an attacker finds out that the target machine is in a virtual environment, it may attempt to break out of the virtual environment through vulnerabilities (Secunia, 2009) in the Virtual Machine Monitor (VMM). Most of the approaches present today leverage VMM isolation properties to secure VMs by leveraging various levels of virtual introspection. Virtual introspection (Jiang et al., 2007) is a process in which the VMM monitors the state of a VM. SecVisor (Seshadri et al., 2007), Lares (Payne et al., 2008) and KVM-L4 (Peter et al., 2009), to name a few, leverage virtualization to monitor the integrity of the guest kernel code from a privileged virtual machine or from the Virtual Machine Monitor, also known as the hypervisor. Finally, the paper called Transparent security for cloud (Lombardi and Di Pietro, 2010) was studied to know what are the security measures taken for protecting the integrity of the virtual machines in the cloud. It can be seen that this paper and our work share some similarity in terms of positioning of the protection components. In Transparent security for cloud, the authors have considered the case in which security is provided in an environment where there is only a single virtual machine that has gone malicious. Furthermore, Secure virtualization for cloud computing (Lombardi and Di Pietro, June 2010), again by
the same authors, considers the scenario where there are two virtual machines connected to a host and one of them has turned out to be malicious. But the chance of a compromised virtual machine that has become malicious affecting the next virtual machine (due to the dynamic and fluid nature of virtual machines) is vaguely explained. Our work shows that by providing an access control feature in the VMM, we can safeguard a virtual machine from being infected by a malicious one.

3. BACKGROUND
Cloud computing is Internet-based computing, whereby shared resources, software, and information are provided to computers and other devices on demand. In cloud computing, details are abstracted from the users, who no longer have need for expertise in, or control over, the technology infrastructure "in the cloud" that supports them. Cloud computing typically involves over-the-Internet provision of dynamically scalable and often virtualized resources. In general, cloud computing customers rent usage from a third-party provider thus avoiding capital expenditure. The cloud customers consume resources as a service and pay only for the resources that they use. We can say that cloud computing is a form of utility computing wherein the customers are charged according to the amount of resources that they use. The utilization rates are improved by sharing "perishable and intangible" computing power among multiple tenants, as servers are not unnecessarily left idle (which can reduce costs significantly while increasing the speed of application development). But a side-effect of this approach is that the overall computer usage rises dramatically, as customers do not have to engineer for peak load limits. In addition, it is possible to receive the same response times from centralized infrastructure at other sites due to "increased high-speed bandwidth". The concepts such as virtualization, distributed computing and utility computing are applied within the cloud paradigm.

Cloud services are available at different layers like Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). The traditional way of software distribution, wherein the software is purchased for and installed on personal computers, is sometimes referred to as Software-as-a-Product. Software-as-a-Service is a term given to the software distribution model in which the applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet. As the underlying technologies that support web services and service-oriented architecture (SOA) mature and new developmental approaches become popular, SaaS is becoming an increasingly prevalent delivery model. SaaS is also often associated with a pay-as-you-go subscription licensing model.

The next cloud service, known as Platform-as-a-Service, allows us to include platforms for building and running custom web-based applications. It is an outgrowth of the SaaS application delivery model. We can say that the PaaS model makes all of the facilities required to support the complete life cycle of building and delivering web applications and services entirely available from the Internet, without any software downloads or installation for developers, IT managers, or end users. In the IaaS model, the developers can create a specific operating system instance with home grown applications running. Unlike this model, PaaS developers are concerned only with web based development and generally do not care what operating system is used. Rather than complex infrastructure, PaaS services allow users to focus on innovation.

IaaS can be defined as the delivery of computer infrastructure (typically a platform virtualization environment) as a service. IaaS leverages services, significant technology and data center investments to deliver IT as a service to customers. Unlike traditional outsourcing, which requires complex, lengthy contract vehicles, extensive due diligence, negotiations ad infinitum, IaaS is centered around a model of service delivery that provisions a predefined, standardized infrastructure specifically optimized for the customer's applications. IaaS customers essentially rent the resources as a fully outsourced service rather than purchasing data center space, servers, software, network equipment, etc. Usually, the service is billed on a monthly basis, just like a utility company bills customers. The customer is charged based on the amount of resources he has consumed. In our work, we have focused mainly on the 'lowest' computational layer (i.e. IaaS) because we can more effectively provide a security foundation on top of which more secure services can be offered. Out of the cloud computing systems that exist today, most of them are proprietary (even though APIs are open and well known) and they do not allow integration with other systems or any kind of enhancements for research purpose. For this reason, we have chosen Eucalyptus.

4. CLOUD PROTECTION SYSTEM
In the proposed Cloud Protection System (CPS), the guest virtual machine is monitored by the host to ensure that the integrity of the virtual machine is protected. We mainly monitor the kernel code or data that would be targeted or affected by attacks to provide protection to the virtual machines and the cloud infrastructure. Thus any modification to the kernel code and data is detected by monitoring the cloud components and the kernel (of the virtual machine). This monitoring guarantees that the integrity of the virtual machine kernel and the cloud middleware has not been compromised. We monitor the integrity of cloud components by logging in and periodically verifying the checksum of cloud libraries and executable files. The high level description of CPS is shown in Figure 1. The monitoring data flows are depicted as continuous lines in green, whereas the dangerous data flows are shown as dashed lines (red). All the CPS modules (the Interceptor, Warning Recorder, Warning Queue and the Evaluator) are located on the base machine (host). The Interceptor component notices any suspicious guest activity, for example a system_call invocation, which the Warning Recorder records into the Warning Queue (WQ). Then the threat will be evaluated by the Evaluator component.

Our protection system called CPS is implemented over Eucalyptus cloud environment. Eucalyptus (Nurmi et al., 2009) consists of: a Node Controller (NC) that controls the execution, inspection, and termination of VM instances on the host where it runs; a Cluster Controller (CC) that gathers information about VM and schedules VM execution on specific node controllers; further, it manages virtual instance networks; a Storage Controller (SC)—Walrus—that is, a storage service providing a mechanism for storing and accessing VM images and user data; a Cloud Controller (CLC), the web services entry point for users and administrators that makes high level scheduling decisions. The NC runs on every node hosting VM instances. The NC activity and integrity are mainly monitored, as it is the key component for our cloud implementation.
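
The data flow of Section 4 (Interceptor, Warning Recorder, Warning Queue, Evaluator) can be sketched as follows. This is an added example, not code from the paper or from Eucalyptus: the class names follow the paper's module names, while the baseline table, the mapping from finding to response, the item labels and all sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct
from collections import deque
from dataclasses import dataclass

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class IntegrityWarning:
    subject: str    # guest VM id, or "host" for cloud middleware on the base machine
    item: str       # measured object, e.g. "syscall_table"
    expected: str
    observed: str

class WarningQueue:
    """FIFO between the Warning Recorder and the Evaluator."""
    def __init__(self):
        self._items = deque()
    def put(self, warning):
        self._items.append(warning)
    def drain(self):
        while self._items:
            yield self._items.popleft()

class WarningRecorder:
    def __init__(self, queue):
        self.queue = queue
    def record(self, warning):
        self.queue.put(warning)

class Interceptor:
    """Host-side measurement: compares what it observes with a trusted baseline."""
    def __init__(self, baseline, recorder):
        self.baseline = baseline          # {(subject, item): sha256 hex digest}
        self.recorder = recorder
    def check(self, subject, item, data):
        expected = self.baseline.get((subject, item))
        observed = digest(data)
        # Fail closed: an object with no baseline entry is reported, not ignored.
        if expected is None or not hmac.compare_digest(expected, observed):
            self.recorder.record(
                IntegrityWarning(subject, item, expected or "<no baseline>", observed))
            return False
        return True

class Evaluator:
    # Assumption: which response follows which finding. The paper names the
    # responses (power off, restart a clean image) but not this mapping.
    SEVERITY = {"alert_operator": 1, "restart_clean_image": 2, "power_off": 3}
    def action_for(self, warning):
        if warning.subject == "host":
            return "alert_operator"
        if warning.item.startswith("kernel_file:"):
            return "restart_clean_image"
        return "power_off"                # syscall table change or unknown object
    def evaluate(self, queue):
        decisions = {}
        for warning in queue.drain():
            action = self.action_for(warning)
            current = decisions.get(warning.subject)
            # Several warnings for one subject: the most severe response wins.
            if current is None or self.SEVERITY[action] > self.SEVERITY[current]:
                decisions[warning.subject] = action
        return decisions

def pack_table(entries):
    """Serialise a syscall table snapshot (list of handler addresses) for hashing."""
    return struct.pack(f"<{len(entries)}Q", *entries)

def run_demo():
    # Constructed sample data: four handler addresses and two file images.
    clean_table = [0xFFFFFFFF81000100, 0xFFFFFFFF81000200,
                   0xFFFFFFFF81000300, 0xFFFFFFFF81000400]
    kernel_image = b"constructed kernel image bytes"
    nc_binary = b"constructed node controller binary"
    baseline = {
        ("vm-1", "syscall_table"): digest(pack_table(clean_table)),
        ("vm-1", "kernel_file:vmlinuz"): digest(kernel_image),
        ("vm-2", "syscall_table"): digest(pack_table(clean_table)),
        ("host", "middleware:node-controller"): digest(nc_binary),
    }
    queue = WarningQueue()
    interceptor = Interceptor(baseline, WarningRecorder(queue))

    # vm-1: one handler pointer differs from the baseline, and a kernel file changed.
    hooked = list(clean_table)
    hooked[2] = 0xFFFFFFFFA0001000
    interceptor.check("vm-1", "syscall_table", pack_table(hooked))
    interceptor.check("vm-1", "kernel_file:vmlinuz", kernel_image + b"\x00")
    # vm-2 and the host middleware are unchanged, so they raise no warning.
    interceptor.check("vm-2", "syscall_table", pack_table(clean_table))
    interceptor.check("host", "middleware:node-controller", nc_binary)
    return Evaluator().evaluate(queue)

if __name__ == "__main__":
    print(run_demo())
```

Because the digest covers the whole table, a single redirected handler address is enough to raise a warning, and the baseline must be taken from a known-clean image and stored on the host, out of the guest's reach.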




                                                     Fig 1: Cloud Protection System

Now, if any dangerous alteration in the guest VM is detected, CPS can take actions like shutting down the VM or restarting a clean image. An attack can be implemented by inserting a rootkit in the guest VM. For instance we can insert Sebek, which is a kernel module that hides its presence and intercepts file system and network activity. It alters the syscall table and changes the execution flow to execute any malicious code. CPS can detect both the alteration of the syscall table and the change in the checksum of kernel files on virtual storage. Now if there are many virtual machines installed in a single system and one virtual machine has gone malicious, then it will affect the remaining virtual machines in no time. That is, the co-location of multiple virtual machines increases the attack surface and risk of virtual machine-to-virtual machine compromise. Hence along with CPS, we can include a security feature in the hypervisor Qemu to provide better protection. We named it HypeSec since we add the security feature in the hypervisor. The block diagram of HypeSec is depicted in Figure 2.

Fig 2: Block diagram of HypeSec

This architecture named HypeSec can have an Access Control Module (ACM) incorporated with the Qemu hypervisor which will exercise access control between VMs, isolation of virtual resources, resource control etc. The ACM authorizes access of VMs to resources based on certain policy rules attached to VMs. One such policy could be that administrators must ensure that certain VMs (and their supported workload types) cannot run on the same hypervisor system at the same time. Based on such policies, the ACM can decide on whether to allow communication among virtual machines or not. This feature enhances the security provided by the CPS.

5. ATTACK IMPLEMENTATION
First we checked how our protection system reacted by making a single virtual machine malicious. We did so by inserting a module inside the kernel of the virtual machine which altered its syscall table and changed the execution flow so as to execute the malicious code. This alteration was identified by the CPS components at the base system by the change in the value of checksum generated after the syscall table was altered. After detecting the alteration, the virtual machine was powered off. When this was found successful, we next made some additions to the Qemu code so that the Qemu hypervisor will exercise some access control method when there is more than one virtual machine on the base system and one among those is compromised. That is, once it is found out that a virtual machine is malicious, the Qemu hypervisor will change the access rights of the compromised virtual machine in such a way that it cannot communicate with the other VMs thus avoiding
the attack on the non-malicious VMs. Then the compromised virtual machine was powered off in order to prevent it from affecting the critical kernel code or data of the base system. This was done after the CPS components detected the change in the syscall table checksum of the malicious VM. There is of course a small amount of overhead introduced by this technique but compared with the detection capability of our system, it can be neglected.

6. CONCLUSION
In this paper, we have introduced an architecture named Cloud Protection System that can provide security to the cloud resources via virtualization. CPS monitors the guest and the middleware components and ensures that the integrity has not been compromised. To enhance the security provided, HypeSec architecture is proposed which is integrated along with the hypervisor Qemu. CPS combined with HypeSec can be deployed on any cloud implementation. Our protection system ensures that the integrity of the virtual machines is not compromised.

7. ACKNOWLEDGMENTS
Our thanks to the experts who have contributed towards the development of this paper.

8. REFERENCES
[1] Armbrust M, Fox A, Griffith R. Above the clouds: A Berkeley view of cloud computing. Technical Report UCB/EECS-2009-28, EECS Department, University of California, Berkeley, February 2009.
[2] Bellard F. Qemu, a fast and portable dynamic translator. In ATEC '05: Proceedings of the annual conference on USENIX annual technical conference, Berkeley, CA, USA, 2005. USENIX Association, p. 41.
[3] Seshadri A, Luk M, Qu N, Perrig A. Secvisor: a tiny hypervisor to provide life time kernel code integrity for commodity oses. In SOSP '07: Proceedings of twenty first ACM SIGOPS symposium on operating systems principles, ACM, New York, NY, USA, 2007. pp. 335–50.
[4] Payne BD, Carbone M, Sharif M, Lee W. Lares: An architecture for secure active monitoring using virtualization. In SP '08: Proceedings of the 2008 IEEE symposium on security and privacy (sp2008), IEEE Computer Society, Washington, DC, USA, 2008. pp. 233–47.
[5] Lombardi F, Di Pietro R. Kvmsec: a security extension for linux kernel virtual machines. In SAC '09: Proceedings of the 2009 ACM symposium on applied Computing, ACM, New York, NY, USA, 2009. pp. 2029–34.
[6] Qumranet. Linux kernel virtual machine. http://kvm.qumranet.com.
[7] Peter M, Schild H, Lackorzynski A, Warg A. Virtual machines jailed: virtualization in systems with small trusted computing bases. In VDTS '09: Proceedings of the 1st EuroSys Workshop on virtualization technology for dependable systems, ACM, New York, NY, USA, 2009. pp. 18–23.
[8] Rhee J, Riley R, Xu D, Jiang X. Defeating dynamic data kernel rootkit attacks via vmm-based guest transparent monitoring. Availability, Reliability and Security, 2009. ARES '09.
[9] Lombardi F, Di Pietro R. Transparent security for cloud. In SAC '10: Proceedings of the 2010 ACM symposium on applied computing.
[10] Lombardi F, Di Pietro R. Secure virtualization for cloud computing. In Elsevier, June 2010: Journal of Network and Computer Applications.
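
The decisions that Sections 4 and 5 assign to the HypeSec Access Control Module (refusing co-residence of conflicting workload types, and cutting a compromised VM off from its neighbours) can be modelled as below. This is an added example and not the authors' Qemu modification: the class, its method names, the rule that two VMs may communicate only when they share a workload type, and the tenant labels are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AccessControlModule:
    """Default-deny reference monitor for VM start-up and inter-VM communication."""
    conflict_sets: list                               # frozensets of workload types
    running: dict = field(default_factory=dict)       # vm id -> frozenset of types
    quarantined: set = field(default_factory=set)
    audit: list = field(default_factory=list)         # (operation, subject, verdict, reason)

    def _decide(self, op, subject, allowed, reason):
        # Every decision is logged so that isolation can be reasoned about afterwards.
        self.audit.append((op, subject, "allow" if allowed else "deny", reason))
        return allowed

    def start_vm(self, vm, workload_types):
        types = frozenset(workload_types)
        if vm in self.quarantined:
            return self._decide("start", vm, False, "quarantined")
        for conflict in self.conflict_sets:
            # Types from this conflict set that would be co-resident after the start.
            present = set(types & conflict)
            for other_types in self.running.values():
                present |= other_types & conflict
            if types & conflict and len(present) > 1:
                return self._decide("start", vm, False,
                                    "conflict: " + ", ".join(sorted(present)))
        self.running[vm] = types
        return self._decide("start", vm, True, "no conflict")

    def may_communicate(self, src, dst):
        pair = f"{src}->{dst}"
        if src not in self.running or dst not in self.running:
            return self._decide("comm", pair, False, "unknown VM")
        if src in self.quarantined or dst in self.quarantined:
            return self._decide("comm", pair, False, "quarantined")
        shared = self.running[src] & self.running[dst]
        if not shared:
            return self._decide("comm", pair, False, "no shared workload type")
        return self._decide("comm", pair, True, "shared: " + ", ".join(sorted(shared)))

    def quarantine(self, vm):
        """Called when the integrity monitor (CPS) reports the VM as compromised."""
        self.quarantined.add(vm)
        self._decide("quarantine", vm, True, "integrity warning")

    def power_off(self, vm):
        self.running.pop(vm, None)

def run_demo():
    # Constructed policy: workloads of tenant-a and tenant-b must never share a host.
    acm = AccessControlModule(conflict_sets=[frozenset({"tenant-a", "tenant-b"})])
    results = {
        "start vm-1": acm.start_vm("vm-1", {"web", "tenant-a"}),
        "start vm-2": acm.start_vm("vm-2", {"web"}),
        "start vm-3": acm.start_vm("vm-3", {"tenant-b"}),
        "vm-1->vm-2 before": acm.may_communicate("vm-1", "vm-2"),
    }
    # CPS flags vm-1: revoke its communication rights first, then power it off,
    # which is the order of steps described in Section 5.
    acm.quarantine("vm-1")
    results["vm-1->vm-2 after"] = acm.may_communicate("vm-1", "vm-2")
    results["vm-2->vm-1 after"] = acm.may_communicate("vm-2", "vm-1")
    acm.power_off("vm-1")
    results["start vm-3 retry"] = acm.start_vm("vm-3", {"tenant-b"})
    results["restart vm-1"] = acm.start_vm("vm-1", {"web", "tenant-a"})
    return results, acm.audit

if __name__ == "__main__":
    outcome, log = run_demo()
    for key, value in outcome.items():
        print(f"{key}: {'allow' if value else 'deny'}")
```

The quarantine flag outlives the power-off, so the flagged VM id cannot simply be started again; releasing it after a clean image is restored is left out of this sketch.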




 
Wd share space_release_notes_2_2_93_final
Wd share space_release_notes_2_2_93_finalWd share space_release_notes_2_2_93_final
Wd share space_release_notes_2_2_93_final
 
Gorazd Perenič - Si predstavljate, da nič ni več nepredstavljivo?
 Gorazd Perenič - Si predstavljate, da nič ni več nepredstavljivo?  Gorazd Perenič - Si predstavljate, da nič ni več nepredstavljivo?
Gorazd Perenič - Si predstavljate, da nič ni več nepredstavljivo?
 
02%20 ant
02%20 ant02%20 ant
02%20 ant
 
iPhone & iPad Creative Work. Vol.8 Analog to Digital
iPhone & iPad Creative Work. Vol.8 Analog to DigitaliPhone & iPad Creative Work. Vol.8 Analog to Digital
iPhone & iPad Creative Work. Vol.8 Analog to Digital
 
2014sessionPara 5
2014sessionPara 52014sessionPara 5
2014sessionPara 5
 
Getting Started with Excel
Getting Started with Excel Getting Started with Excel
Getting Started with Excel
 
Sand Lake Office Photo Tour
Sand Lake Office Photo Tour Sand Lake Office Photo Tour
Sand Lake Office Photo Tour
 
Calling Java - JNIPort for VisualWorks
Calling Java - JNIPort for VisualWorksCalling Java - JNIPort for VisualWorks
Calling Java - JNIPort for VisualWorks
 

Semelhante a An Architecture for Providing Security to Cloud Resources

Migration of Virtual Machine to improve the Security in Cloud Computing
Migration of Virtual Machine to improve the Security in Cloud Computing Migration of Virtual Machine to improve the Security in Cloud Computing
Migration of Virtual Machine to improve the Security in Cloud Computing IJECEIAES
 
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud EnvironmentsA Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environmentsmlaij
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computingijcnes
 
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...ijceronline
 
IT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization SecurityIT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization SecurityBooz Allen Hamilton
 
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...ijcncs
 
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...cscpconf
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIJIR JOURNALS IJIRUSA
 
Protecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest ThreatsProtecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest Threatswhite paper
 
Virtualization in Cloud Computing
Virtualization in Cloud ComputingVirtualization in Cloud Computing
Virtualization in Cloud Computingijtsrd
 
Tech trendnotes
Tech trendnotesTech trendnotes
Tech trendnotesStudying
 
Virtualization in Cloud computing
Virtualization in Cloud computing Virtualization in Cloud computing
Virtualization in Cloud computing Priti Banya Mohanty
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
 
Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd Iaetsd
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...IAEME Publication
 
VAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus CloudVAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus CloudSwapna Shetye
 
A SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTING
A SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTINGA SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTING
A SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTINGijcsit
 

Semelhante a An Architecture for Providing Security to Cloud Resources (20)

Migration of Virtual Machine to improve the Security in Cloud Computing
Migration of Virtual Machine to improve the Security in Cloud Computing Migration of Virtual Machine to improve the Security in Cloud Computing
Migration of Virtual Machine to improve the Security in Cloud Computing
 
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud EnvironmentsA Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
 
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
 
IT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization SecurityIT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization Security
 
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...
 
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
 
REPORT1 new
REPORT1 newREPORT1 new
REPORT1 new
 
Protecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest ThreatsProtecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest Threats
 
Virtualization in Cloud Computing
Virtualization in Cloud ComputingVirtualization in Cloud Computing
Virtualization in Cloud Computing
 
Tech trendnotes
Tech trendnotesTech trendnotes
Tech trendnotes
 
Virtualization in Cloud computing
Virtualization in Cloud computing Virtualization in Cloud computing
Virtualization in Cloud computing
 
Dz25764770
Dz25764770Dz25764770
Dz25764770
 
Dz25764770
Dz25764770Dz25764770
Dz25764770
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
 
Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challenges
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...
 
VAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus CloudVAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus Cloud
 
A SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTING
A SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTINGA SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTING
A SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTING
 

Último

INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptxmary850239
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 

Último (20)

INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 

An Architecture for Providing Security to Cloud Resources

  • 1. International Conference on Emerging Technology Trends (ICETT) 2011. Proceedings published by International Journal of Computer Applications® (IJCA)

An Architecture for Providing Security to Cloud Resources

Niranjana Padmanabhan, Lecturer, CS Department, S.N College of Engineering and Technology, India
Bijolin Edwin E, Lecturer, IT Department, Karunya University, India

ABSTRACT
One of the major challenges in Cloud computing is providing security to the cloud resources. In the present paper, we make use of the concept of virtualization to protect the cloud components and the integrity of guest virtual machines. To guarantee increased security to cloud resources, an architecture called Cloud Protection System (CPS) is proposed. CPS remains fully transparent to the cloud components and the guest virtual machines since it is implemented on the base machine and monitors the integrity of guest virtual machines. Also, we propose an architecture called HypeSec, which can be integrated in the hypervisor Qemu, where it controls all inter-VM communication according to formal security policies. The architecture CPS is fully implemented using Eucalyptus cloud environment, and Qemu as the hypervisor. The effectiveness of the prototype is shown by testing it against the Sebek rootkit attack.

General Terms
Cloud computing, virtual machine, security.

Keywords
Eucalyptus, Hypervisor, Qemu, virtualization.

1. INTRODUCTION
Cloud computing is a consequence of economic, commercial, cultural and technological conditions that have combined to cause a disruptive shift in information technology towards a service-based economy. The underlying driver of this change is the commoditization of IT. Even though unresolved security and privacy issues are slowing down their adoption and success, cloud nodes are increasingly popular. Since the cloud nodes are exposed to third parties of services and interfaces, they are more vulnerable to cyber attacks. The cloud in fact is the internet, with all the positives and negatives of it. Hence providing security to the cloud is a challenging task. Thus it is crucial to identify the possible threats that could occur and to establish security processes to protect the cloud from attacks. Virtual Machines (VMs) on the Internet are exposed to many kinds of interactions that virtualization technology can help filter while assuring a higher degree of security. To provide monitoring of VMs, allowing easier management of the security of complex clusters, server farms, and cloud computing infrastructures, virtualization can also be used as a security component. However, with respect to security, the virtualization technologies create new potential concerns. It will be difficult to maintain the consistency of security and ensure that records can be audited due to the dynamic and fluid nature of virtual machines. Also, the co-location of multiple virtual machines increases the attack surface and risk of virtual machine-to-virtual machine compromise. The main focus of this paper is on the controlled sharing of resources. Such sharing is not controlled by any formal policy in current hypervisor systems. This lack of formality makes it difficult to reason about the effectiveness of isolation between VMs. In the following sections we show how CPS can leverage full virtualization to provide increased protection to actually deployed cloud systems such as Eucalyptus. Also, HypeSec architecture is integrated in the hypervisor Qemu, where it controls all inter-VM communication according to formal security policies.

2. RELATED WORK
The survey on cloud computing presented in Armbrust et al. (2009) has been the starting point of our work. There are many research papers on integrity checking mechanisms and intrusion detection solutions. Those mechanisms can be successfully applied to cloud computing as well. For example, the Filesystem Integrity Tools and Intrusion Detection Systems such as Tripwire (Kim and Spafford, 1994) and AIDE (AIDE team, 2005) can be deployed in virtual machines. But they are subject to attacks possibly coming from a guest machine user who has turned the machine into a malicious one. In addition to this, when an attacker finds out that the target machine is in a virtual environment, it may attempt to break out of the virtual environment through vulnerabilities (Secunia, 2009) in the Virtual Machine Monitor (VMM). Most of the approaches present today leverage VMM isolation properties to secure VMs by leveraging various levels of virtual introspection. Virtual introspection (Jiang et al., 2007) is a process in which the VMM monitors the state of a VM. SecVisor (Seshadri et al., 2007), Lares (Payne et al., 2008) and KVM-L4 (Peter et al., 2009), to name a few, leverage virtualization to monitor the integrity of the guest kernel code from a privileged virtual machine or from the Virtual Machine Monitor, also known as the hypervisor. Finally, the paper called Transparent security for cloud (Lombardi and Di Pietro, 2010) was studied to learn what security measures are taken for protecting the integrity of the virtual machines in the cloud. It can be seen that this paper and our work share some similarity in terms of positioning of the protection components. In Transparent security for cloud, the authors have considered the case in which security is provided in an environment where there is only a single virtual machine that has gone malicious. Furthermore in Secure virtualization for cloud computing (Lombardi and Di Pietro, June 2010), again by
  • 2. International Conference on Emerging Technology Trends (ICETT) 2011 Proceedings published by International Journal of Computer Applications® (IJCA) the same authors considers the scenario where there are two users to focus on innovation. IaaS can be defined as the delivery virtual machines connected to a host and one of it has turned out of computer infrastructure (typically a platform virtualization to be malicious. But the chance of a compromised virtual environment) as a service. IaaS leverages services, significant machine that has become malicious affecting the next virtual technology and data center investments to deliver IT as a service machine (due to the dynamic and fluid nature of virtual to customers. Unlike traditional outsourcing, which requires machines) is vaguely explained. Our work shows that by complex, lengthy contract vehicles, extensive due diligence, providing an access control feature in the VMM, we can safe negotiations ad infinitum, IaaS is centered around a model of guard a virtual machine from being infected by a malicious one. service delivery that provisions a predefined, standardized infrastructure specifically optimized for the customer’s 3. BACKGROUND applications. IaaS customers essentially rent the resources as a Cloud computing is Internet-based computing, whereby shared fully outsourced service rather than purchasing data center resources, software, and information are provided to computers space, servers, software, network equipment, etc. Usually, the and other devices on demand. In cloud computing, details are service is billed on a monthly basis, just like a utility company abstracted from the users, who no longer have need for expertise bills customers. The customer is charged based on the amount of in, or control over, the technology infrastructure "in the cloud" resources he has consumed. In our work, we have focused that supports them. 
Cloud computing typically involves over-the-Internet provision of dynamically scalable and often virtualized resources. In general, cloud computing customers rent usage from a third-party provider, thus avoiding capital expenditure. The cloud customers consume resources as a service and pay only for the resources that they use. We can say that cloud computing is a form of utility computing wherein the customers are charged according to the amount of resources that they use. The utilization rates are improved by sharing "perishable and intangible" computing power among multiple tenants, as servers are not unnecessarily left idle (which can reduce costs significantly while increasing the speed of application development). But a side-effect of this approach is that the overall computer usage rises dramatically, as customers do not have to engineer for peak load limits. In addition, it is possible to receive the same response times from centralized infrastructure at other sites due to "increased high-speed bandwidth".

Concepts such as virtualization, distributed computing and utility computing are applied within the cloud paradigm. Cloud services are available at different layers, such as Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). The traditional way of software distribution, wherein the software is purchased for and installed on personal computers, is sometimes referred to as Software-as-a-Product. Software-as-a-Service is the term given to the software distribution model in which the applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet. As the underlying technologies that support web services and service-oriented architecture (SOA) mature and new developmental approaches become popular, SaaS is becoming an increasingly prevalent delivery model. SaaS is also often associated with a pay-as-you-go subscription licensing model.

The next cloud service, known as Platform-as-a-Service, allows us to include platforms for building and running custom web-based applications. It is an outgrowth of the SaaS application delivery model. We can say that the PaaS model makes all of the facilities required to support the complete life cycle of building and delivering web applications and services available entirely from the Internet, without any software downloads or installation for developers, IT managers, or end users. In the IaaS model, the developers may create a specific operating system instance with home-grown applications running. Unlike this model, PaaS developers are concerned only with web-based development and generally do not care what operating system is used. Rather than complex infrastructure, PaaS services allow

mainly on the 'lowest' computational layer (i.e. IaaS) because we can more effectively provide a security foundation on top of which more secure services can be offered. Most of the cloud computing systems that exist today are proprietary (even though their APIs are open and well known) and do not allow integration with other systems or any kind of enhancement for research purposes. For this reason, we have chosen Eucalyptus.

4. CLOUD PROTECTION SYSTEM

In the proposed Cloud Protection System (CPS), the guest virtual machine is monitored by the host to ensure that the integrity of the virtual machine is protected. We mainly monitor the kernel code or data that would be targeted or affected by attacks, in order to protect the virtual machines and the cloud infrastructure. Any modification to the kernel code and data is thus detected by monitoring the cloud components and the kernel of the virtual machine. This monitoring guarantees that the integrity of the virtual machine kernel and the cloud middleware has not been compromised. We monitor the integrity of cloud components by logging in and verifying the checksum of cloud libraries and executable files periodically.

The high-level description of CPS is shown in Figure 1. The monitoring data flows are depicted as continuous green lines, whereas the dangerous data flows are shown as dashed red lines. All the CPS modules (the Interceptor, Warning Recorder, Warning Queue and Evaluator) are located on the base machine (host). The Interceptor component notices any suspicious guest activity, for example a system_call invocation, and the Warning Recorder records it into the Warning Queue (WQ). The threat is then evaluated by the Evaluator component.

Our protection system, CPS, is implemented over the Eucalyptus cloud environment. Eucalyptus (Nurmi et al., 2009) consists of: a Node Controller (NC) that controls the execution, inspection, and termination of VM instances on the host where it runs; a Cluster Controller (CC) that gathers information about VMs, schedules VM execution on specific node controllers and manages virtual instance networks; a Storage Controller (SC), Walrus, which is a storage service providing a mechanism for storing and accessing VM images and user data; and a Cloud Controller (CLC), the web services entry point for users and administrators, which makes high-level scheduling decisions. The NC runs on every node hosting VM instances. The NC's activity and integrity are what we mainly monitor, as it is the key component for our cloud implementation.
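The CPS flow described above (periodic checksum verification feeding the Interceptor, Warning Recorder, Warning Queue and Evaluator) can be sketched as follows. This is an added example, not the authors' code: SHA-256, the class and function names, the response strings and the sample byte strings are assumptions constructed for illustration.

```python
import hashlib
from collections import deque, namedtuple

IntegrityWarning = namedtuple("IntegrityWarning", "target item expected observed")

def checksum(data):
    """Integrity checksum; SHA-256 is an assumption, the paper names no algorithm."""
    return hashlib.sha256(data).hexdigest()

class CpsMonitor:
    """Host-side sketch: Interceptor -> Warning Recorder -> Warning Queue -> Evaluator."""
    def __init__(self, baseline):
        self.baseline = dict(baseline)  # (target, item) -> known-clean checksum
        self.warning_queue = deque()    # the Warning Queue (WQ)

    def intercept(self, target, item, data):
        """Interceptor: checksum one snapshot and compare it with the baseline."""
        expected = self.baseline.get((target, item))
        observed = checksum(data)
        if observed != expected:        # also fires when no baseline exists
            self.record(IntegrityWarning(target, item, expected, observed))
        return observed == expected

    def record(self, warning):
        """Warning Recorder: append the finding to the WQ."""
        self.warning_queue.append(warning)

    def evaluate(self):
        """Evaluator: drain the WQ; guest -> shutdown, host -> alert (assumed policy)."""
        actions = {}
        while self.warning_queue:
            w = self.warning_queue.popleft()
            actions[w.target] = "alert_operator" if w.target == "host" else "shutdown_vm"
        return actions

# Constructed sample data: an 8-entry table of 64-bit pointers and a fake NC binary.
CLEAN_TABLE = b"".join((0xFFFF0000 + 8 * i).to_bytes(8, "little") for i in range(8))
NC_BINARY = b"constructed node controller binary"
BASELINE = {(vm, "syscall_table"): checksum(CLEAN_TABLE) for vm in ("vm1", "vm2")}
BASELINE[("host", "nc_binary")] = checksum(NC_BINARY)

def run_demo():
    monitor = CpsMonitor(BASELINE)
    altered = bytearray(CLEAN_TABLE)
    altered[16:24] = (0x41410000).to_bytes(8, "little")  # one entry differs from baseline
    results = [monitor.intercept("vm1", "syscall_table", bytes(altered)),
               monitor.intercept("vm2", "syscall_table", CLEAN_TABLE),
               monitor.intercept("host", "nc_binary", NC_BINARY)]
    return results, monitor.evaluate()
```

Only the guest whose table snapshot no longer matches its baseline ends up with an action; the unchanged guest and the unchanged middleware binary produce no warning.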
Fig 1: Cloud Protection System

Now, if any dangerous alteration in the guest VM is detected, CPS can take actions such as shutting down the VM or restarting a clean image. An attack can be implemented by inserting a rootkit in the guest VM. For instance, we can insert Sebek, which is a kernel module that hides its presence and intercepts file system and network activity. It alters the syscall table and changes the execution flow to execute any malicious code. CPS can detect both the alteration of the syscall table and the change in the checksum of kernel files on virtual storage.

If there are many virtual machines installed on a single system and one virtual machine has gone malicious, it will affect the remaining virtual machines in no time. That is, the co-location of multiple virtual machines increases the attack surface and the risk of virtual machine-to-virtual machine compromise. Hence, along with CPS, we can include a security feature in the Qemu hypervisor to provide better protection. We named it HypeSec since we add the security feature in the hypervisor. The block diagram of HypeSec is depicted in Figure 2.

Fig 2: Block diagram of HypeSec

The HypeSec architecture can have an Access Control Module (ACM) incorporated with the Qemu hypervisor, which will exercise access control between VMs, isolation of virtual resources, resource control, etc. The ACM authorizes access of VMs to resources based on certain policy rules attached to VMs. One such policy could be that administrators must ensure that certain VMs (and their supported workload types) cannot run on the same hypervisor system at the same time. Based on such policies, the ACM can decide whether or not to allow communication among virtual machines. This feature enhances the security provided by the CPS.

5. ATTACK IMPLEMENTATION

First we checked how our protection system reacted when a single virtual machine was made malicious. We did so by inserting a module inside the kernel of the virtual machine which altered its syscall table and changed the execution flow so as to execute the malicious code. This alteration was identified by the CPS components at the base system through the change in the value of the checksum generated after the syscall table was altered. After the alteration was detected, the virtual machine was powered off. When this was found successful, we next made some additions to the Qemu code so that the Qemu hypervisor exercises an access control method when there is more than one virtual machine on the base system and one among them is compromised. That is, once a virtual machine is found to be malicious, the Qemu hypervisor will change the access rights of the compromised virtual machine in such a way that it cannot communicate with the other VMs, thus avoiding
the attack on the non-malicious VMs. Then the compromised virtual machine was powered off to prevent it from affecting the critical kernel code or data of the base system. This was done after the CPS components detected the change in the syscall table checksum of the malicious VM. There is of course a small amount of overhead introduced by this technique, but compared with the detection capability of our system, it can be neglected.

6. CONCLUSION

In this paper, we have introduced an architecture named Cloud Protection System that can provide security to the cloud resources via virtualization. CPS monitors the guest and the middleware components and ensures that their integrity has not been compromised. To enhance the security provided, the HypeSec architecture is proposed, which is integrated with the Qemu hypervisor. CPS combined with HypeSec can be deployed on any cloud implementation. Our protection system ensures that the integrity of the virtual machines is not compromised.

7. ACKNOWLEDGMENTS

Our thanks to the experts who have contributed towards the development of this paper.
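The HypeSec behaviour described in Sections 4 and 5 (policy rules attached to VMs, a co-location restriction, and cutting off a compromised VM's communication before powering it off) can be modelled as below. This is an added example, not the authors' Qemu modifications; the VM names, workload labels, conflict rule and method names are assumptions.

```python
class AccessControlModule:
    """Sketch of an ACM decision point; labels and rule format are assumptions."""

    def __init__(self, labels, conflicts):
        self.labels = dict(labels)                          # VM -> workload type
        self.conflicts = {frozenset(p) for p in conflicts}  # types barred from co-residing
        self.running = set()
        self.quarantined = set()

    def may_start(self, vm):
        """Co-location rule: refuse a VM whose type conflicts with a running VM."""
        if vm in self.quarantined:
            return False
        for other in self.running:
            if frozenset((self.labels[vm], self.labels[other])) in self.conflicts:
                return False
        self.running.add(vm)
        return True

    def may_communicate(self, src, dst):
        """Allow inter-VM traffic only between running, non-quarantined VMs."""
        if src in self.quarantined or dst in self.quarantined:
            return False
        return src in self.running and dst in self.running

    def on_compromise(self, vm):
        """Section 5 response order: revoke access rights first, then power off."""
        self.quarantined.add(vm)
        self.running.discard(vm)
        return ["revoke_access:" + vm, "power_off:" + vm]

# Constructed sample policy: three guests, one pair of workload types kept apart.
LABELS = {"vm1": "web", "vm2": "db", "vm3": "payroll"}
CONFLICTS = [("web", "payroll")]

def run_demo():
    acm = AccessControlModule(LABELS, CONFLICTS)
    started = [acm.may_start(vm) for vm in ("vm1", "vm2", "vm3")]
    before = acm.may_communicate("vm1", "vm2")
    steps = acm.on_compromise("vm1")   # e.g. after CPS reports a checksum mismatch
    after = acm.may_communicate("vm1", "vm2")
    return started, before, steps, after
```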