secure cloud
8/7/2019 secure cloud
http://slidepdf.com/reader/full/secure-cloud 1/8
Paper Name: Secure Cloud Computing using VML technique
Author Name: M.GANESH
Branch: MCA
Semester: VI semester
Department: MCA
College: RMK Engineering College, affiliated with Anna University, Chennai.
Unique ID: N111042
Email id: [email protected]
Abstract-
Cloud Computing, considered to be the next industrial revolution in the field of computers, faces problems regarding security and latency. The solution for latency is known, and it rests in time's hands to create a transmission medium which reduces latency. But security problems have still not found satisfactory solutions. In the near future, almost everyone will be storing confidential data in the cloud, automatically leading to cloud penetration by hackers. In this paper, I discuss the basic idea of cloud computing, the problems faced in implementation, ways to avoid data sniffing and a new approach to prevent data stealing by the cloud service providers themselves, through a concept called Virtual Machine Lock (VML).
Introduction:
Companies can significantly benefit from cloud computing because of the cut in capital expenditure and the incredible scalability provided by the cloud. The resources provided by the cloud can be considered infinite. Computing as a utility has reached the mainstream. Vendors now rent all or portions of physical machines for hourly periods for web services. The cloud computing model emphasizes the ability to scale compute resources on demand. The advantages for users are numerous, as total cost can be close to zero when resources are not in use. The cloud user can pay costs directly proportional to need rather than allocating resources according to average or peak load, which was the practice before the advent of cloud computing.
Then you may be wondering why cloud computing has not yet started its regime. There are two main problems: high latency and security threats.
High latency becomes a major problem in areas of limited connectivity. This problem can be solved in a few years' time, as 4G is all set to release WiMAX and Cisco is in the process of inventing a new kind of Ethernet cable with ultra-low latency exclusively meant for cloud computing. The other one, named "security threat", is getting patched up regularly. But still the users are afraid that they would lose their confidential data to ruthless hackers and dishonest cloud managers. A recent study surveyed more than 500 chief executives and IT managers in 17 countries, and found that despite the potential benefits of cloud computing, executives "trust existing internal systems over cloud-based systems due to fear about security threats and loss of control of data and systems". One of the most serious concerns is the possibility of confidentiality violations. Either maliciously or accidentally, a cloud provider's employees can tamper with or leak a company's data. Such actions can severely damage the reputation or finances of a company.
In order to prevent confidentiality violations, the cloud service providers may resort to encryption as a solution. But encryption works only for storing data in the secondary storage cloud. When it comes to computation, the unencrypted data should reside in the memory for computation to be successful.
The Current Scenario in Cloud Computing:
The field of cloud computing is still in its infancy as far as implementation and usage are concerned, partly because it is a bit insecure and is so highly resource dependent that researchers in academic institutions have not had many opportunities to analyze and experiment with it. At the moment, a general understanding of cloud computing refers to the following concepts: grid computing, utility computing, software as a service, storage in the cloud and virtualization. In short, we don't own the necessary hard disk, RAM, or processor power we need; instead we use it from a provider, paying him on an on-demand basis similar to the way we pay the EB bills.
What is Cloud Computing?
A cloud is nothing but a group of loosely coupled computers put together. Cloud Computing is defined in different ways by different people, as is the case with Web 2.0. The perspectives of the people differ. But in general we can go with the definition: "Cloud computing is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet". Cloud is not a technology by itself; it is a way of using the already known technology "Virtualisation".
"The Change":
So what change can we expect from cloud computing? To explain this better, let's get a bit retrospective. What change did the Internet bring into our life? Cloud computing is believed to create such an impact on our lifestyle, business models, the way we interact, etc. Imagine a world without CDs, floppies, pen drives and even hard drives. That's going to be the change that cloud computing is going to bring.
Reason for the next paradigm - Cloud Computing:
Till now our business model needed only data centers for storing data in secondary storage devices. But nowadays a lot of industries are in
need of powerful processors with a suitable primary memory to support it. Even the demand for storage is increasing phenomenally.
For example:
Google processes 20 PB a day (2008)
"all words ever spoken by human beings" ~ 5 EB
NOAA has ~1 PB climate data (2007)
CERN's LHC will generate 15 PB a year (2008)
But there was once a time when Bill Gates said, "640K ought to be enough for anybody"! This clearly shows the steep increase in demand for resources. In a cloud computing model, storage can be done seamlessly.
Nowadays the need for HPC (High Performance Computing) is becoming a basic necessity for every industry. For instance, the New York Times is using Amazon's cloud service to generate PDF documents of several-decade-old articles. The estimated time for doing the task on the Times' servers was 14 years, whereas the cloud provided the answer in one day for a couple hundred dollars. This is in line with Gordon Moore's Law: "The performance of the processor doubles every 18 months". So in future it is predicted that processors will be given equal importance as given for storage.
The above data from ARISTA center proves the aforesaid point that HPC will be considered equal to (or even more important than) Enterprise data storage. By 2018, only 30% of x86 servers will serve for Enterprise. Moreover it has been observed that only 10% of the server's resources are used. The concept of virtualization improved the utilization of the storage section, and now cloud computing arrives for drastically increasing server utilization. So to say in a nutshell, you can do things which you never thought you could, and build an IT infrastructure more robustly, more efficiently, more globally, more completely, more quickly, for a given budget. And this has become the reason for making the shift to the "cloud" indispensable.
The Cloud Stack:
Before using the cloud we must know the basic resources provided by the cloud providers. The
virtualized resources offered by the cloud (a cluster of systems) are classified into three types:
1. Infrastructure as a service
2. Platform as a service
3. Software as a service
Above all these layers runs the "Web". Let's have a small introduction to these layers.
1. Infrastructure as a service (IaaS):
Providing the necessary hardware like the primary and secondary storage, processor etc. Initially it was called Hardware as a Service (by Nicholas Carr, the American technology critic).
2. Platform as a service (PaaS):
Delivering a computing platform and solution stack as a service. An example of a computing platform is JRE. A solution stack is nothing but a group of platform services like LAMP (Linux, Apache, MySQL, Perl/PHP) used to run dynamic websites. PaaS is also called cloudware.
3. Software as a Service (SaaS):
Providing software like MS-Office and video converters online on a pay-per-use basis. This can be provided in two ways:
Host the application on a web server.
Download the application to the consumer device and disable it automatically after the contract period is over.
The basic difference between a traditional stack and a virtualized stack is shown below.
Explanation of the virtualized stack:
Usually we used to have a single OS on a machine. But using virtualization technology we can boot many OSes and virtually divide our single machine into many machines called "Virtual Machines" or VMs. This concept is the heart of cloud computing. In short, the hard disk, RAM etc. are shared by many users at the same time by using a group of loosely coupled systems called in general a cloud. So each user is under an illusion of using his own machine.
Some key points which make Cloud Computing attractive:
Reduced Cost
Scalability
Highly Automated
Flexibility
More Mobility
Self Healing Resilience
Things required for a Cloud Computing architecture:
A basic cloud computing model should provide a) Horizontal scalability and b) Vertical scalability. Horizontal scalability means the ability to manage a large number of users (also called user scalability). Vertical scalability refers to the ability of the application to run undeterred and perform consistently even as load increases. Appropriate load balancing and autonomic procedures are implemented for this purpose.
The attractive feature here is that we need not deploy any special hardware for this. The servers which are currently available are enough for the implementation, and we can already see a lot of cloud service vendors like Amazon, Salesforce, GoGrid, SunCloud etc.
Issues in Cloud Computing:
Though the characteristics of Cloud computing seem to be awe inspiring, it faces many problems; as the famous cliché goes, "Two sides of the coin". Some notable things are:
The customers are completely dependent on the service providers.
Latency
Security
General Solutions:
The first issue is something on which the user has no control. We can compare it to a bank which is taking care of all our money. The service providers won't close their industry so easily because a lot of data is involved in it (like shutting down a bank is extremely rare).
The second issue is regarding the communication channels that are laid between the consumer and the vendor. Currently, most of the houses get connected to the cloud using dialups. This connection will be fairly enough for small apps. When we get into the hectic industrial sector, every nanosecond of computation counts. They are
spending lots of money for the processing and storage and if the latency makes a delay, it becomes unbearable. The solution for this lies in the hands of the OFC developers. Currently we use Ethernet, which transmits data at 10 Gbps. Cisco introduced the DCE (Data Center Ethernet) with a similar capability. But in future we can expect Ethernet with 100 Gbps capacity.
The third issue is the problem I am going to address in this paper. Security is the main reason that has hindered the progress of Cloud Computing. In cloud computing, we trust all our data to the vendors, keeping in mind the bright idea of mobility. But we should be aware that such data can be tampered with by the vendors, as the system administrators have full-fledged control over the servers. An insecure vendor may lead to disrupted services, loss of privacy, or even damage to the stored data.
The user's information can be stolen from
1. Secondary Storage
2. Primary Storage
Stealing information from the hard disk or any other secondary storage is a common thing that we experience every day. We get malware, spyware, viruses etc. which try to get into our boot sector and slowly transfer information. But we already have enough anti-virus and anti-spyware applications to fight them. There is a tougher problem in cloud computing: primary memory security.
The Cloud is Visible:
Cloud computing has all the hallmarks of becoming a prevalent and valuable innovation that IT professionals should use to their advantage. However, the dangers of hosting and accessing services and applications through the internet also need to be recognized. When 'in-the-cloud' an organization can lose track of resources: who controls them and who is currently using which resources.
Placing large amounts of sensitive data in the globally accessible "cloud" leaves organizations open to large distributed threats. Concentrating a single company's data in a single location is risky, and multiple companies using the cloud can create a potentially dangerous scenario. As data breach after data breach is reported in the media, one of the key considerations for companies when considering cloud computing should be how secure data will be in-the-cloud.
Solutions:
The three main disciplines expected from the cloud providers are:
1. Confidentiality
2. Integrity
3. Availability
Confidentiality:
The users' data should be secure from other users. Here the word data represents both the secondary storage and the primary memory data. A satisfactory solution has been found for this. But still protecting the primary memory data is not possible. In this paper, I propose an idea to solve this problem.
Integrity:
The user's data should not be damaged or modified by others without the user's knowledge. The cloud should provide strong security to avoid such
problems. Strong encryption algorithms and biometric systems could solve this problem.
Availability:
The users should be able to access their files anywhere, anytime. For this, the users' files should be copied redundantly and stored on multiple servers, so that even if one server is down, the other servers can make up.
Memory management: Virtual Machine Lock (VML):
In this paper I mainly concentrate on securing the primary memory, because the other issue of securing the secondary storage already has many satisfactory solutions (like encryption). But such algorithms in the primary memory would delay the access time and fail to realize the real benefit of cloud computing.
Cloud computing is nothing but a cluster of Virtual Machines (VMs) running on a single hardware platform. A virtual machine is very similar to an application in a normal PC. It has its own memory. Each user uses a VM. We don't have much information about the way these VMs are implemented in the cloud. But with the information we have from the open source cloud service "Eucalyptus", we can say that the whole idea of security wholly depends on the platform called the "Hypervisor". This hypervisor can run directly on the hardware or on another OS platform. Eucalyptus uses the "Xen" hypervisor. The Xen hypervisor automatically provides VM-VM confidentiality, i.e. the hypervisor acts like a firewall between the host OS and the other VMs and also between VMs. So it's not possible for another user to peek into another person's VM. As the host OS is also firewalled, even the system administrator cannot access the VMs directly. But there is one more chance for the sysadmins of the cloud to access the user's VMs. The easiest way to get the cloud data would be to bribe or trick the system administrator of the cloud to attack the memory. The idea of Virtual Machine Lock (VML) would bring doomsday for that too.
Usually a VM is nothing but a node in the huge primary memory available in the cloud. Whenever the user demands a VM, a node is allotted by the host OS depending on the amount of memory the user demands. If the node is within the cloud perimeter, then the hypervisor's firewall will hide the VM's data from the sysadmin of the cloud server. But if the sysadmin writes code and creates a jump statement at the starting address of the node, so that as soon as a VM is allocated there, it is diverted to a computer on which the VM has complete control, then the sysadmin can do anything with that VM because it's like accessing his own RAM. So the danger is when the sysadmin moves the VM out of the cloud. For this purpose I have devised a method called the VML (Virtual Machine Lock), with which we can prevent the sysadmin from moving the node out of the cloud.
The VML is 3rd party software, which runs either independently or bundled along with the hypervisor. It maintains a database of the users' login IDs, starting addresses of each node and a key stored there. For using this lock, we will need to make a small change in the hardware platform. The memory unit should be divided equally into chunks/nodes. Then the starting addresses of the
nodes should contain a key (only known to the VML provider).
Working:
Now when the user demands a VM through a login ID and password, the host OS allots a particular node. Immediately, the starting address of the node, the key and the user's login ID are passed to the VML software, which records those in its database. Then the user starts using his VM. The VML software will periodically check whether that particular node is occupied by that particular login ID. Now the sysadmin can never move the node out of the cloud (and that's why I call it a "Virtual Machine Lock"). Even if the node has to be migrated for load balancing, the OS should communicate the address of the new node to the VML. The VML authenticates the new node and then allows the host OS to shift the node. So in this way the user's VM is secure from the sysadmin.
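The registration, periodic check and migration steps described above, modelled as an added Python example; it is not code from the paper. The `VML` class, the 1 GiB node size, the HMAC-derived node key and the dictionary standing in for cloud memory are all assumptions made for illustration.

```python
import hashlib
import hmac

NODE_SIZE = 0x4000_0000  # assumption: memory is split into equal 1 GiB nodes

class VML:
    def __init__(self, provider_secret: bytes):
        self._secret = provider_secret  # known only to the VML provider
        self._records = {}              # login ID -> node starting address

    def node_key(self, addr: int) -> bytes:
        # Assumption: the key stored at a node start is HMAC(secret, address).
        return hmac.new(self._secret, addr.to_bytes(8, "big"), hashlib.sha256).digest()

    def _authentic(self, addr: int, key_read: bytes) -> bool:
        return addr % NODE_SIZE == 0 and hmac.compare_digest(key_read, self.node_key(addr))

    def register(self, login_id: str, addr: int, key_read: bytes) -> bool:
        # Host OS reports a fresh allocation: login ID, starting address, key.
        if not self._authentic(addr, key_read):
            return False
        self._records[login_id] = addr
        return True

    def audit(self, memory: dict) -> list:
        # Periodic check: every recorded node still holds its key and its user.
        bad = []
        for login_id, addr in self._records.items():
            node = memory.get(addr, {})
            if not self._authentic(addr, node.get("key", b"")) or node.get("occupant") != login_id:
                bad.append(login_id)
        return bad

    def authorize_migration(self, login_id: str, new_addr: int, key_read: bytes) -> bool:
        # Load-balancing move: permitted only onto a node that authenticates.
        if login_id not in self._records or not self._authentic(new_addr, key_read):
            return False
        self._records[login_id] = new_addr
        return True

def demo():
    vml = VML(b"constructed-demo-secret")
    # Constructed memory map: two in-cloud nodes provisioned with their keys.
    memory = {a: {"key": vml.node_key(a), "occupant": None} for a in (0, NODE_SIZE)}
    memory[0]["occupant"] = "alice"
    registered = vml.register("alice", 0, memory[0]["key"])
    clean = vml.audit(memory)
    # A target outside the cloud cannot present a valid node key.
    outside = vml.authorize_migration("alice", 7 * NODE_SIZE, b"\x00" * 32)
    memory[0]["occupant"] = None  # VM diverted without VML approval
    flagged = vml.audit(memory)
    inside = vml.authorize_migration("alice", NODE_SIZE, memory[NODE_SIZE]["key"])
    return registered, clean, outside, flagged, inside
```

In this model a move is refused when the target cannot present the provider's key, and a VM that leaves its recorded node without approval appears in the next audit.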
Conclusion:
Thus we understand that though cloud computing has all the hallmarks of becoming the next paradigm shift in the field of computing, still it faces some security issues. This paper provides a better solution for securing the primary memory using the VML. The future prospects of cloud computing are very bright and I hope we all enjoy its innumerable advantages in the near future.