Proceedings ArticleDOI

A Layered Security Approach for Cloud Computing Infrastructure

TL;DR: This paper introduces a practical security model based on key security considerations by looking at a number of infrastructure aspects of Cloud Computing such as SaaS, Utility, Web, Platform and Managed Services, Service commerce platforms and Internet Integration.
Abstract: This paper introduces a practical security model based on key security considerations by looking at a number of infrastructure aspects of Cloud Computing such as SaaS, Utility, Web, Platform and Managed Services, Service commerce platforms and Internet Integration which was introduced with a concise literature review. The purpose of this paper is to offer a macro level solution for identified common infrastructure security requirements. This model with a number of emerged patterns can be applied to infrastructure aspect of Cloud Computing as a proposed shared security approach in system development life cycle focusing on the plan-built-run scope.
Citations
Journal ArticleDOI
TL;DR: An extensive review on cloud computing with the main focus on gaps and security concerns is presented, which identifies the top security threats and their existing solutions and investigates the challenges/obstacles in implementing threat remediation.

288 citations


Cites background from "A Layered Security Approach for Clo..."

  • ...From the works of the aforementioned researchers (Archer et al., 2010; Chow et al., 2009; Grobauer et al., 2010; Wrenn, 2010; Yildiz et al., 2009) we can summarize that there is a hardware limitation of compartmentalization....

    [...]

  • ...Yildiz et al. (2009) cited the example of mainframes where secure separation is possible but the cost is always unacceptable to the SaaS providers....

    [...]

Journal ArticleDOI
TL;DR: The transformation of traditional Distributed denial-of-service (DDoS) attack into cloud specific Economic Denial of Sustainability (EDoS) attack is explored.
Abstract: “Cloud Computing”, a new wave in the Internet revolution, transforms the kind of services provided over the Internet. The Cloud Services can be viewed from two perspectives, one as Cloud Service Provider and the other as Cloud Service Consumer. Assurance of security in the Cloud Service is a major challenge for the Providers, as it’s the biggest concern for the Consumers to opt for the service, which in turn decides the prospects of the business in Cloud Service. The Security can be administered in the Cloud at various levels and for several types of attacks. The threats and the attacks on the Cloud service can be common prevailing attacks in the internet or can be cloud specific. This paper deals about the threats and the counter measures of the prevailing DDoS attacks on the Cloud Environment as well as the Cloud Specific Vulnerabilities to these attacks. In specific, HTTP and XML-based DDoS attacks on the cloud service are experimented under proposed security framework for EDoS Protection. A Cloud Service was hosted on Amazon EC2. The Service was targeted by HTTP, XML DDoS attacks from several nodes, which led to the scaling of the service by consuming more Amazon EC2 resources, which in turn led to Economic Denial of Sustainability to the Cloud Service under attack. Thus this paper explores the transformation of traditional Distributed denial-of-service (DDoS) attack into cloud specific Economic Denial of Sustainability (EDoS) attack.

83 citations

Proceedings ArticleDOI
David Bernstein1, Deepak Vij1
05 Jul 2010
TL;DR: For the federation of the resources themselves, a resources catalog approach is defined, using the Semantic Web Resource Definition Framework (RDF) along with a common Ontology of Cloud Computing Resources to work across a variety of heterogeneous cloud providers.
Abstract: Working groups have proposed building a layered set of protocols to solve the Cloud Computing interoperability challenge called “Intercloud Protocols”. Instead of each cloud provider establishing connectivity with another cloud provider in a Point-to-Point manner resulting in the n² complexity problem, Intercloud Directories and Exchanges will act as mediators for enabling connectivity and collaboration among disparate cloud providers. Point to Point protocols such as HTTP are not suitable beyond 1-to-1 models, therefore the discussions around many-to-many mechanisms have been proposed, including XMPP. This paper details the use of an XMPP mechanism for such mediation. On top of that, for the federation of the resources themselves, we define a resources catalog approach, using the Semantic Web Resource Definition Framework (RDF) along with a common Ontology of Cloud Computing Resources to work across a variety of heterogeneous cloud providers.

82 citations


Cites background from "A Layered Security Approach for Clo..."

  • ...Again, using the generally accepted terminology [1][2][3][4][5][6][7], there are Public Clouds, which are analogous to ISP’s and Service Providers offering routed IP in the Internet world....

    [...]

  • ...Work detailing high level architectures for Intercloud interoperability were proposed next [4][5]....

    [...]

Proceedings ArticleDOI
07 Apr 2014
TL;DR: An attack model based on a threat model designed to take advantage of Multi-Tenancy situation only is proposed which will try to recognize the proposed attack model empirically from Google trace logs.
Abstract: As Cloud Computing becomes the trend of information technology computational model, the Cloud security is becoming a major issue in adopting the Cloud where security is considered one of the most critical concerns for the large customers of Cloud (i.e. governments and enterprises). Such valid concern is mainly driven by the Multi-Tenancy situation which refers to resource sharing in Cloud Computing and its associated risks where confidentiality and/or integrity could be violated. As a result, security concerns may harness the advancement of Cloud Computing in the market. So, in order to propose effective security solutions and strategies a good knowledge of the current Cloud implementations and practices, especially the public Clouds, must be understood by professionals. Such understanding is needed in order to recognize attack vectors and attack surfaces. In this paper we will propose an attack model based on a threat model designed to take advantage of Multi-Tenancy situation only. Before that, a clear understanding of Multi-Tenancy, its origin and its benefits will be demonstrated. Also, a novel way on how to approach Multi-Tenancy will be illustrated. Finally, we will try to sense any suspicious behavior that may indicate to a possible attack where we will try to recognize the proposed attack model empirically from Google trace logs. Google trace logs are a 29-day worth of data released by Google. The data set was utilized in reliability and power consumption studies, but not been utilized in any security study to the extent of our knowledge.

79 citations

Proceedings ArticleDOI
David Bernstein1, Deepak Vij1
30 Nov 2010
TL;DR: This paper builds on the technology foundation emerging for the Intercloud and specifically delves into details of Intercloud security considerations such as Trust Model, Identity and Access Management, governance considerations and so on.
Abstract: Cloud computing is a new design pattern for large, distributed data centers. Service providers offering applications including search, email, and social networks have pioneered this specific to their application. Recently they have expanded offerings to include compute-related capabilities such as virtual machines, storage, and complete operating system services. The cloud computing design yields breakthroughs in geographical distribution, resource utilization efficiency, and infrastructure automation. These “public clouds” have been replicated by IT vendors for corporations to build “private clouds” of their own. Public and private clouds offer their end consumers a “pay as you go” model - a powerful shift for computing, towards a utility model like the electricity system, the telephone system, or more recently the Internet. However, unlike those utilities, clouds cannot yet federate and interoperate. Such federation is called the “Intercloud”. Building the Intercloud is more than technical protocols. A blueprint for an Intercloud economy must be architected with a technically sound foundation and topology. As part of the overall Intercloud Topology, this paper builds on the technology foundation emerging for the Intercloud and specifically delves into details of Intercloud security considerations such as Trust Model, Identity and Access Management, governance considerations and so on.

79 citations

References
Journal ArticleDOI
01 Jul 2008
TL;DR: As software migrates from local PCs to distant Internet servers, users and developers alike go along for the ride.
Abstract: As software migrates from local PCs to distant Internet servers, users and developers alike go along for the ride.

2,265 citations

Proceedings ArticleDOI
23 Jun 2008
TL;DR: This paper discusses the concept of “cloud” computing, issues it tries to address, related research topics, and a “cloud” implementation available today.
Abstract: “Cloud” computing - a relatively recent term, builds on decades of research in virtualization, distributed computing, utility computing, and more recently networking, web and software services. It implies a service oriented architecture, reduced information technology overhead for the end-user, great flexibility, reduced total cost of ownership, on-demand services and many other things. This paper discusses the concept of “cloud” computing, issues it tries to address, related research topics, and a “cloud” implementation available today.

609 citations


"A Layered Security Approach for Clo..." refers background in this paper

  • ...Cloud computing is receiving traction with businesses and has become increasingly popular for hosting data and deploying software and services....

    [...]

Proceedings ArticleDOI
Siani Pearson1
23 May 2009
TL;DR: The privacy challenges that software engineers face when targeting the cloud as their production environment to offer services are assessed, and key design principles to address these are suggested.
Abstract: Privacy is an important issue for cloud computing, both in terms of legal compliance and user trust, and needs to be considered at every phase of design. In this paper the privacy challenges that software engineers face when targeting the cloud as their production environment to offer services are assessed, and key design principles to address these are suggested.

600 citations


"A Layered Security Approach for Clo..." refers background in this paper

  • ...We also present a dynamic infrastructure security model....

    [...]

Proceedings ArticleDOI
31 Oct 2008
TL;DR: The paper describes the concept of computational resources outsourcing, referred to computational grids and a real application, and utilises the results by the Cybersar Project managed by the COSMOLAB Consortium (Italy).
Abstract: “Cloud Computing” is becoming increasingly relevant, as it will enable companies involved in spreading this technology to open the doors to Web 3.0. In this work the basic features of cloud computing are presented and compared with those of the original technology: Grid Computing. The new categories of services introduced will slowly replace many types of computational resources currently used. In this perspective, grid computing, the basic element for the large scale supply of cloud services, will play a fundamental role in defining how those services will be provided. The paper describes the concept of computational resources outsourcing, referred to computational grids and a real application. This work utilises the results by the Cybersar Project managed by the COSMOLAB Consortium (Italy).

218 citations


"A Layered Security Approach for Clo..." refers background in this paper

  • ...Although cloud computing provides a number of advantages that include economies of scale, dynamic provisioning, increased flexibility and low capital expenditures, it also introduces a range of new security risks [22]....

    [...]

Proceedings ArticleDOI
14 Dec 2009
TL;DR: This paper presents a fully distributed framework that enable interested parties determine the trustworthiness of federated cloud computing entities.
Abstract: Deployment of applications and scientific workflows that require resources from multiple distributed platforms are fuelling the federation of autonomous Clouds to create Cyber infrastructure environments. As the scope of federated cloud computing enlarges to ubiquitous and pervasive computing, there will be a need to assess and maintain the trustworthiness of the cloud computing entities. In this paper, we present a fully distributed framework that enable interested parties determine the trustworthiness of federated cloud computing entities.

88 citations


"A Layered Security Approach for Clo..." refers background in this paper

  • ...Key words: Cloud computing, Grid computing, Utility computing, Dynamic infrastructure, Security, Virtualization, Service Oriented Architectures....

    [...]