secure cloud


Upload: ganesh-navin

Post on 08-Apr-2018


TRANSCRIPT

8/7/2019 secure cloud

http://slidepdf.com/reader/full/secure-cloud 1/8

Paper Name: Secure Cloud Computing using VML technique

Author Name: M.GANESH

Branch: MCA

Semester: VI semester

Department: MCA

College: RMK Engineering College affiliated with Anna University, Chennai.

Unique ID: N111042

Email id: [email protected]

Abstract-

Cloud Computing, considered to be the next industrial revolution in the field of computers, faces problems regarding security and latency. The solution for latency is known, and it rests in time's hands to create a transmission medium which reduces latency. But security problems still have not found satisfactory solutions. In the near future, almost everyone will be storing confidential data in the cloud, automatically leading to cloud penetration by hackers. In this paper, I discuss the basic idea of cloud computing, the problems faced in implementation, ways to avoid data sniffing and a new approach to prevent data stealing by the cloud service providers themselves, by a concept called Virtual Machine Lock (VML).

Introduction:

Companies can significantly benefit from cloud computing because of the cut in capital expenditure and the incredible scalability provided by the cloud. The resources provided by the cloud can be considered infinite. Computing as a utility has reached the mainstream. Vendors now rent all or portions of physical machines for hourly periods for web services. The cloud computing model emphasizes the ability to scale compute resources on demand. The advantages for users are numerous, as total cost can be close to zero when resources are not in use. The cloud user can pay costs directly proportional to need rather than allocating resources according to average or peak load, which was the practice before the advent of cloud computing.

Then you may be wondering why cloud computing has not yet started its regime. There are two main problems: high latency and security threats.

High latency becomes a major problem in areas of limited connectivity. This problem can be solved in a few years' time, as 4G is all set to release WiMAX and Cisco is in the process of inventing a new kind of Ethernet cable with ultra-low latency exclusively meant for cloud computing. The other one, named "security threat", is getting patched up regularly. But users are still afraid that they would lose their confidential data to ruthless hackers and dishonest cloud managers. A recent study surveyed more than 500 chief executives and IT managers in 17 countries, and found that despite the potential benefits of cloud computing, executives "trust existing internal systems over cloud-based systems due to fear about security threats and loss of control of data and systems". One of the most serious concerns is the possibility of confidentiality violations. Either maliciously or accidentally, a cloud provider's employees can tamper with or leak a company's data. Such actions can severely damage the reputation or finances of a company.


In order to prevent confidentiality violations, the cloud service providers may resort to encryption as a solution. But encryption works only for storing data in the cloud's secondary storage. When it comes to computation, the unencrypted data must reside in memory for the computation to be successful.

The Current Scenario in Cloud Computing:

The field of cloud computing is still in its infancy as far as implementation and usage are concerned, partly because it is a bit insecure and is so highly resource dependent that researchers in academic institutions have not had many opportunities to analyze and experiment with it. At the moment, a general understanding of cloud computing refers to the following concepts: grid computing, utility computing, software as a service, storage in the cloud and virtualization. In short, we don't own the necessary hard disk, RAM, or processor power we need; instead we use it from a provider, paying him on an on-demand basis similar to the way we pay the EB bills.

What is Cloud Computing?

A cloud is nothing but a group of loosely coupled computers put together. Cloud Computing is defined in different ways by different people, as is the case with Web 2.0. People's perspectives differ. But in general we can go with the definition: "Cloud computing is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet". Cloud is not a technology by itself; it is a way of using the already known technology "Virtualisation".

"The Change":

So what change can we expect from cloud computing? To explain this better, let's get a bit retrospective. What change did the Internet bring into our life? Cloud computing is believed to create such an impact on our lifestyle, business models, the way we interact, etc. Imagine a world without CDs, floppies, pen drives and even hard drives. That's going to be the change that cloud computing is going to bring.

Reason for the next paradigm - Cloud Computing:

Till now our business model needed only data centers for storing data in secondary storage devices. But nowadays a lot of industries are in need of powerful processors with a suitable primary memory to support them. Even the demand for storage is increasing phenomenally.

For example:

Google processes 20 PB a day (2008)

"All words ever spoken by human beings" ~ 5 EB

NOAA has ~1 PB climate data (2007)

CERN's LHC will generate 15 PB a year (2008)

But there was once a time when Bill Gates said, "640K ought to be enough for anybody"! This clearly shows the steep increase in demand for resources. In a cloud computing model, storage can be done seamlessly.

Nowadays the need for HPC (High Performance Computing) is becoming a basic necessity for every industry. For instance, the New York Times is using Amazon's cloud service to generate PDF documents of several-decade-old articles. The estimated time for doing the task on the Times' servers was 14 years, whereas the cloud provided the answer in one day for a couple hundred dollars. This is in line with Gordon Moore's Law: "The performance of the processor doubles every 18 months". So in future it is predicted that processors will be given equal importance as given for storage.

The above data from the ARISTA center proves the aforesaid point that HPC will be considered equal to (or even more important than) Enterprise data storage. By 2018, only 30% of X86 servers will serve for Enterprise. Moreover it has been observed that only 10% of the server's resources are used. The concept of virtualization improved the utilization of the storage section, and now cloud computing arrives for drastically increasing server utilization. So to say in a nutshell, you can do things which you never thought you could, and build an IT infrastructure more robustly, more efficiently, more globally, more completely, more quickly, for a given budget. And this has become the reason for making the shift to the "cloud" indispensable.

The Cloud Stack:

Before using the cloud we must know the basic resources provided by the cloud providers. The virtualized resources offered by the cloud (a cluster of systems) are classified into three types:

1. Infrastructure as a service

2. Platform as a service

3. Software as a service

Above all these layers runs the "Web". Let's have a small intro to these layers.

1. Infrastructure as a service (IaaS):

Providing the necessary hardware like the primary and secondary storage, processor etc. Initially it was called Hardware as a Service (by Nicholas Carr, the American technology critic).

2. Platform as a service (PaaS):

Delivering a computing platform and solution stack as a service. An example of a computing platform is the JRE. A solution stack is nothing but a group of platform services like LAMP (Linux, Apache, MySQL, Perl/PHP) used to run dynamic websites. PaaS is also called cloudware.

3. Software as a Service (SaaS):

Providing software like MS-Office and video converters online on a pay-per-use basis. This can be provided in two ways:

Host the application on a web server.

Download the application to the consumer device and disable it automatically after the contract period is over.

The basic difference between a traditional stack and a virtualized stack is shown below.

Explanation of the virtualized stack:

Usually we used to have a single OS on a machine. But using virtualization technology we can boot many OSes and virtually divide our single machine into many machines called "Virtual Machines" or VMs. This concept is the heart of cloud computing. In short, the hard disk, RAM etc. are shared by many users at the same time by using a group of loosely coupled systems called, in general, a cloud. So each user is under the illusion of using his own machine.

Some key points which make Cloud Computing attractive:

Reduced Cost

Scalability

Highly Automated

Flexibility

More Mobility

Self Healing Resilience

Things required for a Cloud Computing architecture:

A basic cloud computing model should provide a) horizontal scalability and b) vertical scalability. Horizontal scalability means the ability to manage a large number of users (also called user scalability). Vertical scalability refers to the ability of the application to run undeterred and perform consistently even as load increases. Appropriate load balancing and autonomic procedures are implemented for this purpose.

The attractive feature here is that we need not deploy any special hardware for this. The servers which are currently available are enough for the implementation, and we can already see a lot of cloud service vendors like Amazon, Salesforce, GoGrid, SunCloud etc.

Issues in Cloud Computing:

Though the characteristics of cloud computing seem to be awe inspiring, it faces many problems; as the famous cliché goes, "Two sides of the coin". Some notable ones are:

The customers are completely dependent on the service providers.

Latency

Security

General Solutions:

The first issue is something on which the user has no control. We can compare it to a bank which is taking care of all our money. The service providers won't close their industry so easily because a lot of data is involved in it (just as shutting down a bank is extremely rare).

The second issue is regarding the communication channels that are laid between the consumer and the vendor. Currently, most houses get connected to the cloud using dialups. This connection will be fairly enough for small apps. When we get into the hectic industrial sector, every nanosecond of computation counts. They are spending lots of money on processing and storage, and if latency causes a delay, it becomes unbearable. The solution for this lies in the hands of the OFC developers. Currently we use Ethernet, which transmits data at 10 Gbps. Cisco introduced DCE (Data Center Ethernet) with a similar capability. But in future we can expect Ethernet with 100 Gbps capacity.

The third issue is the problem I am going to address in this paper. Security is the main reason that has hindered the progress of Cloud Computing. In cloud computing, we trust all our data to the vendors, keeping in mind the bright idea of mobility. But we should be aware that such data can be tampered with by the vendors, as the system administrators have full-fledged control over the servers. An insecure vendor may lead to disrupted services, loss of privacy, or even damage to the data stored.

The user's information can be stolen from:

1. Secondary Storage

2. Primary Storage

Stealing information from the hard disk or any other secondary storage is a common thing that we experience every day. We get malware, spyware, viruses etc. which try to get into our boot sector and slowly transfer information. But we already have enough anti-virus and anti-spyware applications to fight them. There is a tougher problem in cloud computing: primary memory security.

The Cloud is Visible:

Cloud computing has all the hallmarks of becoming a prevalent and valuable innovation that IT professionals should use to their advantage. However, the dangers of hosting and accessing services and applications through the internet also need to be recognized. When 'in-the-cloud' an organization can lose track of resources: who controls them and who is currently using which resources.

Placing large amounts of sensitive data in the globally accessible "cloud" leaves organizations open to large distributed threats. Concentrating a single company's data in a single location is risky, and multiple companies using the cloud can create a potentially dangerous scenario. As data breach after data breach is reported in the media, one of the key considerations for companies when considering cloud computing should be how secure data will be in-the-cloud.

Solutions:

The three main disciplines expected from the cloud providers are:

1. Confidentiality

2. Integrity

3. Availability

Confidentiality:

The users' data should be secure from other users. Here the word data represents both the secondary storage and the primary memory data. A satisfactory solution has been found for this. But still protecting the primary memory data is not possible. In this paper, I propose an idea to solve this problem.

Integrity:

The user's data should not be damaged or modified by others without the user's knowledge. The cloud should provide strong security to avoid such problems. Strong encryption algorithms and biometric systems could solve this problem.

Availability:

The users should be able to access their files anywhere, anytime. For this, the users' files should be copied redundantly and stored on multiple servers, so that even if one server is down, the other servers can make up.

Memory management: Virtual Machine Lock (VML):

In this paper I mainly concentrate on securing the primary memory, because the other issues regarding securing the secondary storage already have many satisfactory solutions (like encryption). But such algorithms in the primary memory would delay the access time and fail to realize the real benefit of cloud computing.

Cloud computing is nothing but a cluster of Virtual Machines (VMs) running on a single hardware platform. A virtual machine is very similar to an application in a normal PC. It has its own memory. Each user uses a VM. We don't have much information about the way these VMs are implemented in the cloud. But with the information we have from the open source cloud service "Eucalyptus", we can say that the whole idea of security wholly depends on the platform called the "Hypervisor". This hypervisor can run directly on the hardware or on another OS platform. Eucalyptus uses the "Xen" hypervisor. The Xen hypervisor automatically provides VM-VM confidentiality, i.e. the hypervisor acts like a firewall between the host OS and the other VMs and also between VMs. So it's not possible for another user to peek into another person's VM. As the host OS is also firewalled, even the system administrator cannot access the VMs directly. But there is one more chance for the sysadmins of the cloud to access the users' VMs. The easiest way to get the cloud data would be to bribe or trick the system administrator of the cloud to attack the memory. The idea of Virtual Machine Lock (VML) would bring doomsday for that too.

Usually a VM is nothing but a node in the huge primary memory available in the cloud. Whenever the user demands a VM, a node is allotted by the host OS depending on the amount of memory the user demands. If the node is within the cloud perimeter, then the hypervisor's firewall will hide the VM's data from the sysadmin of the cloud server. But if the sysadmin writes code and creates a jump statement at the starting address of the node, so that as soon as a VM is allocated there, it is diverted to a computer on which the VM has complete control, then the sysadmin can do anything with that VM because it's like accessing his own RAM. So the danger is when the sysadmin moves the VM out of the cloud. For this purpose I have devised a method called the VML (Virtual Machine Lock), with which we can prevent the sysadmin from moving the node out of the cloud.

The VML is 3rd party software, which runs either independently or bundled along with the hypervisor. It maintains a database of the users' login IDs, the starting addresses of each node and a key stored there. For using this lock, we will need to make a small change in the hardware platform. The memory unit should be divided equally into chunks/nodes. Then the starting addresses of the nodes should contain a key (only known to the VML provider).

Working:

Now when the user demands a VM through a login ID and password, the host OS allots a particular node. Immediately, the starting address of the node, the key and the user's login ID are passed to the VML software, which records them in its database. Then the user starts using his VM. The VML software will periodically check whether that particular node is occupied by that particular login ID. Now the sysadmin can never move the node out of the cloud (and that's why I call it a "Virtual Machine Lock"). Even if the node has to be migrated for load balancing, the OS should communicate the address of the new node to the VML. The VML authenticates the new node and then allows the host OS to shift the node. So in this way the user's VM is secure from the sysadmin.
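The bookkeeping described under "Working" can be modelled in a few lines; the following is an added sketch, not code from the paper. The class and method names, the node size, the sample keys and the way the periodic check learns which login ID occupies a node are all assumptions made for illustration.

```python
import hmac

NODE_SIZE = 0x10000000  # assumed size of the equal chunks/nodes memory is divided into


class VMLError(Exception):
    """Raised when the host OS asks for something the lock does not allow."""


class VML:
    """Toy model of the VML database: login ID -> starting address of its node."""

    def __init__(self, node_keys):
        # node_keys: node starting address -> key stored there (known only to the VML provider)
        self._node_keys = dict(node_keys)
        self._locks = {}  # login ID -> node starting address

    def _verify_node(self, addr, key):
        expected = self._node_keys.get(addr)
        if expected is None:
            raise VMLError(f"{addr:#x} is not a node inside the cloud")
        if not hmac.compare_digest(expected, key):
            raise VMLError(f"key presented for node {addr:#x} does not match")
        if addr in self._locks.values():
            raise VMLError(f"node {addr:#x} is already locked to a login ID")

    def register(self, login_id, addr, key):
        """Host OS reports (starting address, key, login ID) right after allotting a node."""
        self._verify_node(addr, key)
        self._locks[login_id] = addr

    def authorize_migration(self, login_id, new_addr, new_key):
        """Host OS must get the new node authenticated before shifting the VM."""
        if login_id not in self._locks:
            raise VMLError(f"no lock recorded for {login_id}")
        self._verify_node(new_addr, new_key)
        self._locks[login_id] = new_addr

    def audit(self, occupancy):
        """Periodic check. occupancy: node starting address -> login ID found there.
        Returns the login IDs whose VM is no longer on its recorded node."""
        return sorted(lid for lid, addr in self._locks.items()
                      if occupancy.get(addr) != lid)


def demo():
    # Constructed sample data: three nodes with made-up keys, one user.
    keys = {i * NODE_SIZE: f"constructed-key-{i}".encode() for i in range(3)}
    vml = VML(keys)
    vml.register("alice", 0, keys[0])
    results = {"normal": vml.audit({0: "alice"})}
    # VM silently moved off its node: the node no longer holds alice's login ID.
    results["moved_out"] = vml.audit({})
    # Reported migration for load balancing to a node inside the cloud.
    vml.authorize_migration("alice", NODE_SIZE, keys[NODE_SIZE])
    results["after_migration"] = vml.audit({NODE_SIZE: "alice"})
    # Migration to an address that is not one of the cloud's nodes is refused.
    try:
        vml.authorize_migration("alice", 0xDEAD0000, b"anything")
        results["outside"] = "allowed"
    except VMLError:
        results["outside"] = "refused"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The model only flags a relocation the host OS did not report; how the check reads node occupancy without trusting that same host OS is not specified in the paper and is left as an input here.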

Conclusion:

Thus we understand that though cloud computing has all the hallmarks of becoming the next paradigm shift in the field of computing, it still faces some security issues. This paper provides a better solution for securing the primary memory using the VML. The future prospects of cloud computing are very bright and I hope we all enjoy its innumerable advantages in the near future.
