This document contains the answers to 10 short questions related to cloud computing topics. It defines computer viruses, worms, and Trojan horses. It discusses network protocols like FTP, HTTPS, and others used in cloud computing. It explains denial of service (DoS) attacks, resource management in cloud computing, differences between HTTP and HTTPS, scheduling in cloud computing, differences between authentication and authorization, data encryption techniques, what SSL is, and what an identity management system is and how it is helpful in cloud computing.
Cloud Computing Assignment 3
By Gurpreet Singh
http://gsbprogramming.blogspot.in/
Cloud Computing (BTCS-912)
Assignment 3
Short questions
Q1: What are computer VIRUS, WORM and Trojan horse?
A: Computer VIRUS
A computer virus is a malware program that, when executed, replicates by inserting copies of itself
(possibly modified) into other computer programs, data files, or the boot sector of the hard drive;
when this replication succeeds, the affected areas are then said to be "infected".
Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk
space or CPU time, accessing private information, corrupting data, displaying political or
humorous messages on the user's screen, spamming their contacts, or logging their keystrokes.
Computer WORM
A computer worm is a self-replicating computer program that penetrates an operating system with
the intent of spreading malicious code. Worms utilize networks to send copies of the original code
to other computers, causing harm by consuming bandwidth or possibly deleting files or sending
documents via email.
A computer worm is a standalone malware computer program that replicates itself in order to
spread to other computers. Often, it uses a computer network to spread itself, relying on security
failures on the target computer to access it. Unlike a computer virus, it does not need to attach
itself to an existing program.
Trojan Horse
A Trojan horse, or Trojan, in computing is generally a non-self-replicating type of malware
program containing malicious code that, when executed, carries out actions determined by the
nature of the Trojan, typically causing loss or theft of data, and possible system harm.
Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One
of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses
but instead introduces viruses onto your computer.
Q2: What network protocols are used in Cloud Computing?
A: FTP
File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to
another host over a TCP-based network, such as the Internet.
FTP is built on a client-server architecture and uses separate control and data connections between
the client and the server. FTP may run in active or passive mode, which determines how the data
connection is established.
Active mode: In active mode, the client creates a TCP control connection to the server and sends
the server the client's IP address and an arbitrary client port number, and then waits until the server
initiates the data connection over TCP to that client IP address and client port number.
Passive Mode: In passive mode, the client uses the control connection to send a PASV command
to the server and then receives a server IP address and server port number from the server, which
the client then uses to open a data connection from an arbitrary client port to the server IP address
and server port number received. Passive mode may be used in situations where the client is behind
a firewall and unable to accept incoming TCP connections.
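The two modes differ only in which side names the data endpoint. The following added example (not part of the original assignment) builds the active-mode PORT command, parses a passive-mode 227 reply, and rejects a reply that points the data connection at a host other than the control-connection peer. The addresses are constructed samples from documentation ranges, and the function names are illustrative.

```python
import ipaddress
import re

# (h1,h2,h3,h4,p1,p2) as carried in a 227 reply
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def build_port_command(client_ip: str, client_port: int) -> str:
    """Active mode: tell the server which client IP/port to connect back to."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    if not 0 < client_port < 65536:
        raise ValueError("port out of range")
    # The 16-bit port travels as two decimal bytes: high byte, low byte.
    return "PORT {},{},{}\r\n".format(",".join(octets), client_port >> 8, client_port & 0xFF)


def parse_pasv_reply(reply: str) -> tuple:
    """Passive mode: read the server IP/port the client must connect to."""
    match = _PASV_RE.search(reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a usable 227 reply")
    fields = [int(g) for g in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field larger than one byte")
    return ".".join(str(f) for f in fields[:4]), fields[4] * 256 + fields[5]


def passive_data_endpoint(reply: str, control_peer_ip: str) -> tuple:
    """Refuse a PASV reply that points the data connection at another host."""
    ip, port = parse_pasv_reply(reply)
    if ip != control_peer_ip:
        raise ValueError("PASV address differs from control connection peer")
    return ip, port


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    print(build_port_command("192.0.2.10", 50000).strip())
    reply = "227 Entering Passive Mode (198,51,100,7,19,137)."
    print(passive_data_endpoint(reply, "198.51.100.7"))
```

A server behind NAT may legitimately advertise a different address, so a strict peer check like this one is a policy choice rather than a protocol requirement.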
HTTPS
HTTPS is a communications protocol for secure communication over a computer network, with
especially wide deployment on the Internet. Technically, it is not a protocol in and of itself; rather,
it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL or
TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP
communications. The main motivation for HTTPS is to provide authentication of the visited
website and prevent wiretapping and man-in-the-middle attacks.
Q3: What is DOS Attack?
A: A denial-of-service (DoS) attack is a type of attack on a network that is designed to bring the network to
its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and
Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are
software fixes that system administrators can install to limit the damage caused by the attacks. But,
like viruses, new DoS attacks are constantly being dreamed up by hackers.
A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a
machine or network resource unavailable to its intended users. A denial of service (DoS) attack is
a malicious attempt to make a server or a network resource unavailable to users, usually by
temporarily interrupting or suspending the services of a host connected to the Internet.
A DoS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend
services of a host connected to the Internet.
A denial-of-service attack is characterized by an explicit attempt by attackers to prevent legitimate
users of a service from using that service. There are two general forms of DoS attacks: those that
crash services and those that flood services.
Q4: What is resource management in cloud computing?
A: A cloud computing infrastructure is a complex system with a large number of shared resources.
These are subject to unpredictable requests and can be affected by external events beyond your
control. Cloud resource management requires complex policies and decisions for multi-objective
optimization. It is extremely challenging because of the complexity of the system, which makes it
impossible to have accurate global state information. It is also subject to incessant and
unpredictable interactions with the environment.
The strategies for cloud resource management associated with the three cloud delivery models,
Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS),
differ from one another. In all cases, the cloud service providers are faced with large, fluctuating
loads that challenge the claim of cloud elasticity. In some cases, when a spike can be predicted,
they can provision resources in advance. For example, seasonal Web services may
be subject to spikes.
For an unplanned spike, the situation is slightly more complicated. You can use Auto Scaling for
unplanned spike loads, provided there’s a pool of resources you can release or allocate on demand
and a monitoring system that lets you decide in real time to reallocate resources. Auto Scaling is
supported by PaaS services such as Google App Engine. Auto Scaling for IaaS is complicated due
to the lack of standards.
Q5: What is the difference between HTTP and HTTPS?
A:
HTTP
Hypertext Transfer Protocol (HTTP) is a protocol used in networking. When you type a web
address in your web browser, your browser acts as a client, and the computer holding the requested
information acts as a server. When the client requests information from the server, it uses
the HTTP protocol to do so. The server responds to the client after the request completes.
HTTPS
Hypertext Transfer Protocol Secure (HTTPS) is a combination of two different protocols: the
Hypertext Transfer Protocol (HTTP) and the SSL/TLS protocol. It is a more secure way to access
the web and to send requests from a client to a server. The communication is encrypted, which
means no one can know what you are looking for. This kind of communication is used for accessing
websites where security is required. Banking websites, payment gateways, email (Gmail offers
HTTPS by default in the Chrome browser), and corporate sector websites are some examples where
HTTPS is used.
An HTTPS connection requires the server to have a trusted, signed public key certificate. These
certificates are either free or cost a few dollars, depending on the signing authority. There is one
other method for distributing certificates: the site admin creates certificates and loads them into
the browsers of users. Now when a user requests information from the web server, his identity can
be verified easily.
Here are some major differences between HTTP and HTTPS:
HTTP | HTTPS
URL begins with “http://” | URL begins with “https://”
It uses port 80 for communication | It uses port 443 for communication
Unsecured | Secured
Operates at Application Layer | Operates at Transport Layer
No encryption | Encryption is present
No certificates required | Certificates required
Q6: What is scheduling in Cloud?
A: Cloud service scheduling is categorized at user level and system level. User-level scheduling
deals with problems raised by service provision between providers and customers. System-level
scheduling handles resource management within the datacenter.
Static and Dynamic Scheduling
Static scheduling allows for pre-fetching required data and pipelining different stages of task
execution. Static scheduling imposes less runtime overhead. In the case of dynamic scheduling,
information about the job components/tasks is not known beforehand. Thus the execution time of the
task may not be known, and the allocation of tasks is done on the fly as the application executes.
Heuristic Scheduling
Optimization problems are in the class NP-hard. These problems can be solved by the enumeration
method, a heuristic method or an approximation method. In the enumeration method, an optimal
solution can be selected if all the possible solutions are enumerated and compared one by one. When
the number of instances is large, exhaustive enumeration is not feasible for scheduling problems. In
that case a heuristic is a suboptimal algorithm that finds reasonably good solutions reasonably fast.
Approximation algorithms are used to find approximate solutions to the optimized solution. These
algorithms are used for problems when exact polynomial time algorithms are known.
Real Time Scheduling
The primary objectives of real time scheduling are to increase throughput and minimize average
response time instead of meeting deadlines.
Q7: What is difference between authentication and authorization? Explain.
A: Authentication
Authentication is the process of verifying the identity of a user using some credentials like
username and password. Authentication merely ensures that the individual is who he or she
claims to be, but says nothing about the access rights of the individual.
Authorization
Authorization is the process of granting or denying access to a network resource. Authorization
determines the parts of the system to which a particular identity has access.
Authentication is required before Authorization.
For example, if an employee authenticates himself with his credentials on a system, authorization
will determine whether he has control over just publishing the content or also editing it.
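The publish/edit case above as a runnable sketch, added here and not part of the original assignment: `authenticate` verifies who the caller is, and `authorize` decides what that verified identity may do. The user names, passwords, roles and permission table are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption for the demo; tune to your hardware


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _new_user(password: str, roles: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt), "roles": roles}


# Constructed sample data: two employees with different roles.
USERS = {
    "asha": _new_user("correct horse", {"editor"}),
    "ravi": _new_user("battery staple", {"publisher"}),
}
ROLE_PERMISSIONS = {"publisher": {"publish"}, "editor": {"publish", "edit"}}


def authenticate(username: str, password: str):
    """Authentication: return the verified identity, or None."""
    user = USERS.get(username)
    # Derive a hash even for unknown users so both paths cost the same.
    salt = user["salt"] if user else b"\x00" * 16
    candidate = _derive(password, salt)
    if user is not None and hmac.compare_digest(candidate, user["hash"]):
        return username
    return None


def authorize(identity, action: str) -> bool:
    """Authorization: decide what an already-verified identity may do."""
    if identity is None:  # no authentication, no access
        return False
    roles = USERS[identity]["roles"]
    return any(action in ROLE_PERMISSIONS.get(role, set()) for role in roles)


if __name__ == "__main__":
    who = authenticate("ravi", "battery staple")
    print(who, authorize(who, "publish"), authorize(who, "edit"))
```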
Q8: What is data encryption? Discuss some current techniques used for encryption.
A: Data encryption is the act of changing electronic information into an unreadable state by
using algorithms or ciphers. Encryption does not of itself prevent interception, but denies the
message content to the interceptor. In an encryption scheme, the message or information,
referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that
can only be read if decrypted.
Encryption Techniques:
Hashing
The first encryption method, called hashing, creates a unique, fixed-length signature for a message or data
set. Hashes are created with an algorithm, or hash function, and people commonly use them to compare
sets of data. Since a hash is unique to a specific message, even minor changes to that message result in a
dramatically different hash, thereby alerting a user to potential tampering.
A key difference between hashing and the other two encryption methods is that once the data is
encrypted, the process cannot be reversed or deciphered. This means that even if a potential attacker
were able to obtain a hash, he or she would not be able to use a decryption method to discover the
contents of the original message. Some common hashing algorithms are Message Digest 5 (MD5) and
Secure Hashing Algorithm (SHA).
Symmetric Methods
Symmetric cryptography, also called private-key cryptography, is one of the oldest and most secure
encryption methods. The term "private key" comes from the fact that the key used to encrypt and decrypt
data must remain secure because anyone with access to it can read the coded messages. A sender
encodes a message into ciphertext using a key, and the receiver uses the same key to decode it.
People can use this encryption method as either a "stream" cipher or a "block" cipher, depending on the
amount of data being encrypted or decrypted at a time. A stream cipher encrypts data one character at a
time as it is sent or received, while a block cipher processes fixed chunks of data. Common symmetric
encryption algorithms include Data Encryption Standard (DES), Advanced Encryption Standard (AES), and
International Data Encryption Algorithm (IDEA).
Asymmetric Methods
Asymmetric, or public key, cryptography is, potentially, more secure than symmetric methods of
encryption. This type of cryptography uses two keys, a "private" key and a "public key," to perform
encryption and decryption. The use of two keys overcomes a major weakness in symmetric key
cryptography, since a single key does not need to be securely managed among multiple users.
In asymmetric cryptography, a public key is freely available to everyone and used to encrypt messages
before sending them. A different, private key remains with the receiver of ciphertext messages, who uses
it to decrypt them. Algorithms that use public key encryption methods include RSA and Diffie-Hellman.
Q9: What is SSL?
A: SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted
link between a web server and a browser. This link ensures that all data passed between the web
server and browsers remain private and integral. SSL is an industry standard and is used by
millions of websites in the protection of their online transactions with their customers.
To be able to create an SSL connection a web server requires an SSL Certificate. When you
choose to activate SSL on your web server you will be prompted to complete a number of
questions about the identity of your website and your company. Your web server then creates
two cryptographic keys - a Private Key and a Public Key.
Typically an SSL Certificate will contain your domain name, your company name, your address,
your city, your state and your country. It will also contain the expiration date of the Certificate
and details of the Certification Authority responsible for the issuance of the Certificate. When a
browser connects to a secure site it will retrieve the site's SSL Certificate and check that it has
not expired, it has been issued by a Certification Authority the browser trusts, and that it is being
used by the website for which it has been issued. If it fails on any one of these checks the
browser will display a warning to the end user letting them know that the site is not secured by
SSL.
Q10: What is an Identity Management System? How is it helpful in Cloud Computing?
A: Identity management (IdM) describes the management of individual identities, their
authentication, authorization, roles and privileges within or across system and enterprise
boundaries with the goal of increasing security and productivity while decreasing cost, downtime,
and repetitive tasks. Identity management (ID management) is a broad administrative area that
deals with identifying individuals in a system (such as a country, a network, or an enterprise) and
controlling their access to resources within that system by associating user rights and restrictions
with the established identity.
In terms of security, identity management in cloud computing is one area that will require increased
attention if those benefits are to be fully realized. In order to grant safe access to sensitive
information and resources to all those who need it, organizations must carefully monitor which
users are accessing what resources to ensure that they are accessing the resources that they need
in an appropriate manner. Because of this, Gartner is predicting that identity and access
management in the cloud will be one of the top three most sought after services moving forward
for cloud-based models.
IMS provides several advantages:
- The ability to have common identity validation for systems both inside and outside the
  enterprise, such as those hosted on public clouds
- The ability to centrally solve problems, such as identifying and neutralizing security
  problems
- The ability to spend less on enterprise security by relying on the centralized trust model
  to deal with identity management across external and internal systems