
ISSN: XXXX-XXXX Volume X, Issue X, Month Year

Problems and Solutions: Infrastructure as a Service Security in Cloud

Ashok Kumar H
Dept of Computer Science and Engineering
BTL Institute of Technology
Bangalore, India
[email protected]

Abstract: Cloud computing represents a shift in the computing model that raises security issues at every level: network, application, data and host. The delivery models pose different security challenges depending on the consumers and their QoS (quality of service) requirements. Privacy, authentication and secrecy are the main concerns for both consumers and cloud providers. IaaS serves as the base for the other models; if security at this layer is uncertain, it affects the other models too. This paper examines the exposures and the countermeasures. As a research contribution, we propose a security assessment and improvement for the IaaS layer.

1. Introduction

The essential models of cloud computing are Software, Platform and Infrastructure as a Service. These models are accessed by customers or consumers as services over the Internet and are offered pay-as-you-need: users pay only for the resources they use, for the time they use them, unlike services such as conventional web hosting. The price varies with the QoS requirements. Based on their relationship with the organization, deployments are sorted into Public, Hybrid and Private clouds. A private cloud refers to an organization's internal datacenters and is not open to the general public. Some emerging and renowned cloud computing platforms are Amazon and Windows Azure. Cloud computing and SOA (Service Oriented Architecture) are often mixed up; they are complementary and share common characteristics. SOA is a set of rules, principles and methodologies designed to help communication and system integration irrespective of development languages and platforms, whereas cloud computing is planned for companies to use bulk capacity instantly without investing in new infrastructure, training, recruiting new staff or licensing software.

Cloud computing depends on IaaS to provide cheap, pay-as-you-go capacity for data storage and other shared resources.

Fig. a) Cloud Delivery Models (figure labels: Cloud Computing; Component as a Service (CaaS); Platform as a Service (PaaS); Infrastructure as a Service (IaaS); Servers; Virtualization)

We looked into security for each IaaS component: Utility Computing (UC), Service Level Agreement (SLA), Platform Virtualization, Networks and Internet Connectivity, and Computer Hardware.

International Journal of Innovatory research in Science and Management - IJIRSM

2. IaaS Components

IaaS consists of several components that have been developed over the years, but applying them in an outsourced and shared environment carries multiple challenges: breaching the security of any one component can collapse the entire system.

A. Service Level Agreement (SLA)

Cloud computing brings a set of IT management complexities, and the SLA is the answer for assuring an acceptable level of QoS. An SLA encompasses contract definition, negotiation, monitoring and enhancement. The contract definition and negotiation stage is very important for understanding the benefits and responsibilities of each party; any mistake there affects security and leaves the client exposed to vulnerabilities. Monitoring and enforcing the SLA is important to build the client's trust.

B. Utility Computing

This concept is not new; it played a crucial role in the development of grid computing. It bundles resources (e.g. bandwidth, storage) as a measured service. It reduces the cost of owning resources, since the client pays per usage, and it was developed to support scalable systems. Amazon provides a second-level method to measure the usage of AWS services and bills the user according to its prices.

C. Cloud Software

There exist many open-source cloud software implementations, namely Nimbus, which binds the cloud components together. Such software cannot guarantee that it is free of bugs, and it provides many software interfaces and APIs to perform the management functions.

D. Platform Virtualization

Virtualization is a basic technology used in cloud services; it assembles many stand-alone systems on a single platform by virtualizing the computing resources (e.g. CPU, memory, network and storage). Virtualization allows scalability and multi-tenancy.

E. Network and Internet Connectivity

To observe availability and performance, a cloud infrastructure spans multiple geographical sites to minimize response time and the damage of unpredicted disasters. Each site is connected locally as a LAN and is connected to the other sites by high-speed Internet connections. Together these sites compose the cloud infrastructure, which serves remote clients through the Internet. Thus the cloud inherits the conventional vulnerabilities of both the Internet and computer networks.

Logical network segmentation: A restrictive and structured network configuration needs to be applied in IaaS environments alongside the hypervisor's isolation power. VLANs provide isolated segments that prevent external VMs from monitoring internal traffic; for instance, bridges deliver unicast and broadcast traffic on a VLAN segment only to VMs that have a virtual interface in that segment. The administrator needs to choose the best connection model between VLANs, i.e. NAT, routing or simple bridging. Thus virtual networks avoid wasting bandwidth and offer more security and performance.

Firewall implementation: Using firewalls we enforce the organization's security policy by implementing certain rules that check traffic based on source IP address and service port.
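The two controls above, segment isolation and source/port filtering, can be shown working together. The following is an added example written for this edition, not code from the paper: it models three constructed VLAN segments (dmz, app, db), an ordered first-match rule set with a default deny, and a bridge-style rule that only same-segment traffic passes without an explicit firewall rule. All prefixes, ports and rule names are constructed for illustration.

```python
"""Added example: first-match firewall policy with VLAN segment isolation.

Illustrative code written for this article, not the paper's own tooling.
The segment map, rule set and sample flows are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed VLAN map: which prefix belongs to which logical segment.
SEGMENTS = {
    "dmz": ip_network("10.10.0.0/24"),   # VLAN 10: public-facing VMs
    "app": ip_network("10.20.0.0/24"),   # VLAN 20: application tier
    "db":  ip_network("10.30.0.0/24"),   # VLAN 30: database tier
}


@dataclass(frozen=True)
class Rule:
    src: str                # source prefix in CIDR notation
    dst: str                # destination prefix in CIDR notation
    port: Optional[int]     # destination service port, None = any port
    action: str             # "allow" or "deny"


# Constructed policy: evaluated top to bottom, first match wins, default deny.
POLICY: List[Rule] = [
    Rule("0.0.0.0/0",    "10.10.0.0/24", 443,  "allow"),  # Internet -> DMZ, HTTPS only
    Rule("10.10.0.0/24", "10.20.0.0/24", 8080, "allow"),  # DMZ -> application tier
    Rule("10.20.0.0/24", "10.30.0.0/24", 5432, "allow"),  # app tier -> database
    Rule("10.0.0.0/8",   "10.30.0.0/24", None, "deny"),   # nothing else reaches the db segment
]


def segment_of(ip: str) -> Optional[str]:
    """Return the segment name an address belongs to, or None for external addresses."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def evaluate(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Decide whether a flow is allowed.

    Same-segment traffic passes at the bridge level, mirroring a VLAN that only
    delivers frames to VMs with an interface in that segment. Everything that
    crosses a segment boundary (or comes from outside) must match an explicit
    rule; with no match, the default is deny.
    """
    src_seg = segment_of(src_ip)
    if src_seg is not None and src_seg == segment_of(dst_ip):
        return "allow"
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for rule in POLICY:
        if (src in ip_network(rule.src) and dst in ip_network(rule.dst)
                and (rule.port is None or rule.port == dst_port)):
            return rule.action
    return "deny"


if __name__ == "__main__":
    # Constructed flows: an Internet client, and hops between the three tiers.
    for flow in [("203.0.113.5", "10.10.0.7", 443), ("203.0.113.5", "10.10.0.7", 22),
                 ("10.10.0.7", "10.20.0.9", 8080), ("10.10.0.7", "10.30.0.3", 5432),
                 ("10.20.0.9", "10.30.0.3", 5432), ("10.30.0.3", "10.30.0.4", 5432)]:
        print(flow, "->", evaluate(*flow))
```

The ordering matters: the DMZ host that tries to reach the database directly on 5432 is rejected by the catch-all deny on the db segment, while the same port from the app tier is allowed by the earlier, more specific rule.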

Traffic encryption: To access the outsourced infrastructure on clouds, clients need secure channels to ensure the integrity and privacy of transferred data. VPNs provide an encrypted tunnel between client and provider using Layer 2.

Network monitoring: In the IaaS model, providers are responsible for monitoring the network to sustain an acceptable QoS. The monitoring process includes fault detection, detection of malicious activity and troubleshooting. In the cloud, network monitoring is not as simple as in a traditional network, because the cloud is geographically distributed and depends significantly on resource sharing. Moreover, the cloud infrastructure is a public environment, which contains multiple monitoring records that refer to anonymous users.
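The paragraph names the two halves of monitoring, fault detection and detection of malicious activity, without showing what a check looks like. The following is an added example for this edition, not the paper's own code: it runs two detectors over constructed flow records in a simple constructed format (timestamp, source, destination, destination port, action). One flags a source that touches many distinct ports on one host inside a short window (the port scanning listed in the paper's table), the other flags a path whose reject ratio jumps, which in an IaaS network usually means a broken rule or a failing service rather than an attack. Thresholds and addresses are constructed.

```python
"""Added example: a network-monitoring pass over constructed flow-log lines.

Illustrative code written for this article, not the paper's tooling. The log
format (ts src dst dport action), the sample lines and the thresholds are
constructed.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample flow records, one per line: ts src dst dport action
SAMPLE_LOG = """\
1700000001 198.51.100.7 10.10.0.7 22 REJECT
1700000002 198.51.100.7 10.10.0.7 23 REJECT
1700000003 198.51.100.7 10.10.0.7 80 ACCEPT
1700000004 198.51.100.7 10.10.0.7 443 ACCEPT
1700000005 198.51.100.7 10.10.0.7 3389 REJECT
1700000006 198.51.100.7 10.10.0.7 5432 REJECT
1700000007 198.51.100.7 10.10.0.7 8080 REJECT
1700000008 198.51.100.7 10.10.0.7 8443 REJECT
1700000010 203.0.113.9 10.10.0.7 443 ACCEPT
1700000011 203.0.113.9 10.10.0.7 443 ACCEPT
1700000012 10.20.0.9 10.30.0.3 5432 ACCEPT
1700000013 10.20.0.9 10.30.0.3 5432 REJECT
1700000014 10.20.0.9 10.30.0.3 5432 REJECT
1700000015 10.20.0.9 10.30.0.3 5432 REJECT
1700000016 10.20.0.9 10.30.0.3 5432 REJECT
"""


def parse(log: str) -> List[dict]:
    """Turn the whitespace-separated records into dicts; blank lines are skipped."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, action = line.split()
        records.append({"ts": int(ts), "src": src, "dst": dst,
                        "dport": int(dport), "action": action})
    return records


def detect_port_scans(records: List[dict], min_ports: int = 6, window: int = 60) -> List[str]:
    """Flag sources that touch at least min_ports distinct ports on one host within window seconds."""
    ports: Dict[Tuple[str, str], Set[int]] = defaultdict(set)
    first_seen: Dict[Tuple[str, str], int] = {}
    for r in records:
        key = (r["src"], r["dst"])
        first_seen.setdefault(key, r["ts"])
        if r["ts"] - first_seen[key] <= window:
            ports[key].add(r["dport"])
    return sorted(f"{s} -> {d}" for (s, d), p in ports.items() if len(p) >= min_ports)


def detect_reject_faults(records: List[dict], min_flows: int = 4,
                         max_reject_ratio: float = 0.5) -> List[str]:
    """Flag (src, dst, port) paths whose REJECT share exceeds the threshold.

    A normally working path that starts rejecting is a fault-detection signal
    (rule change, dead backend) rather than a malicious-activity one.
    """
    counts: Dict[Tuple[str, str, int], List[int]] = defaultdict(lambda: [0, 0])  # [total, rejected]
    for r in records:
        key = (r["src"], r["dst"], r["dport"])
        counts[key][0] += 1
        counts[key][1] += int(r["action"] == "REJECT")
    return sorted(f"{s} -> {d}:{p}" for (s, d, p), (total, rejected) in counts.items()
                  if total >= min_flows and rejected / total > max_reject_ratio)


def monitor(log: str) -> dict:
    """Run both detectors and return their findings keyed by detector name."""
    records = parse(log)
    return {"port_scans": detect_port_scans(records),
            "reject_faults": detect_reject_faults(records)}


if __name__ == "__main__":
    for name, findings in monitor(SAMPLE_LOG).items():
        print(name, findings)
```

In a distributed IaaS network the same two passes would run per site over records that carry tenant or VM identifiers, which is what lets a provider separate one tenant's noisy service from another tenant's scan of the shared address space.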

F. Computer Hardware

IaaS offers an interface to a pool of distributed physical resources (e.g. network components, storage devices and CPUs) and delivers a shared business model to serve many users. Virtualization, as we saw previously, can keep the shared computer resources secure and can control communication at the network level and the hardware level. Although many private organizations move the hardware components into locked rooms accessible only by trusted and authorized persons in order to protect the resources, a survey showed that over 70% of attacks on organizations' confidential data occur internally.

Computing resources: An attacker can access the machine physically. Depending on the intention of the attacker, we have many scenarios. The first scenario is denying the service by switching off the machine or by removing any of the hardware resources. This is not a common attack, but it can spoil the company's reputation. Hence, IaaS providers should carefully control access to the physical resources. The second scenario is to steal or corrupt a company's specific data for the benefit of other companies or for the attacker's own.

Storage resources: IaaS providers play a very essential role in protecting the clients' data. Whatever the level of data security, data can end up on retired or replaced storage devices. Usually, companies don't have a restrictive policy for managing retired devices, which could accidentally be given to untrusted people. Every organization is supposed to assure the clients' data security throughout the life cycle. Encryption would be a better solution, but it might prevent the accessibility of the data to other users.
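The tension the paragraph ends on (encryption protects data left on a retired device, but may lock out other users who need it) is what envelope encryption resolves, and the paper's table lists "multi-party accessibility to encrypted storage" as the corresponding solution. The following is an added example for this edition, not the paper's own design: one data encryption key (DEK) protects the stored blob, and a separately wrapped copy of that DEK exists for each authorized user, so access is granted by adding a wrapped copy, revoked by deleting one, and a retired device is rendered unreadable by destroying all of them. Because this must run offline with the standard library alone, the cipher is a constructed HMAC-SHA256 keystream with an HMAC tag standing in for AES-GCM; the users, keys and data are constructed.

```python
"""Added example: envelope encryption for shared storage with per-user key wrapping.

Illustrative code written for this article, not the paper's own design. The
cipher is a stdlib-only HMAC-SHA256 stream construction with an encrypt-then-MAC
tag, standing in for AES-GCM so the example runs offline; keys and data are
constructed.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from one master key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC in counter mode: PRF(nonce || counter) blocks, truncated to length."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Output layout: 16-byte nonce || ciphertext || 32-byte tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; wrong key or tampering raises."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))


class EncryptedStore:
    """One DEK per store, wrapped separately for every authorized user.

    The store never keeps the DEK in the clear: it is recovered from the
    caller's wrapped copy on each use. Several parties therefore read the same
    ciphertext, and revoking one of them is just deleting one wrapped copy.
    """

    def __init__(self, owner: str, owner_key: bytes) -> None:
        dek = secrets.token_bytes(32)
        self.wrapped: Dict[str, bytes] = {owner: seal(owner_key, dek)}
        self.blob: Optional[bytes] = None   # what would remain on the physical device

    def _unwrap(self, user: str, user_key: bytes) -> bytes:
        if user not in self.wrapped:
            raise PermissionError(f"{user} has no wrapped key for this store")
        return open_(user_key, self.wrapped[user])

    def write(self, user: str, user_key: bytes, data: bytes) -> None:
        self.blob = seal(self._unwrap(user, user_key), data)

    def read(self, user: str, user_key: bytes) -> bytes:
        if self.blob is None:
            raise LookupError("store is empty")
        return open_(self._unwrap(user, user_key), self.blob)

    def grant(self, granter: str, granter_key: bytes, user: str, user_key: bytes) -> None:
        """An existing key holder shares access by wrapping the DEK for a new user."""
        self.wrapped[user] = seal(user_key, self._unwrap(granter, granter_key))

    def revoke(self, user: str) -> None:
        self.wrapped.pop(user, None)

    def crypto_erase(self) -> None:
        """Device retirement: with every wrapped DEK destroyed, self.blob is unrecoverable."""
        self.wrapped.clear()
```

The point for retired or replaced devices is the last method: the ciphertext can stay on the disk that leaves the building, because the only thing that has to be destroyed with certainty is the small set of wrapped keys, which live elsewhere.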

3. Security Model for IaaS

As a result of this research, we propose a Security Model for IaaS (SMI) as a guide for providing and raising security for each layer in the IaaS delivery model, as shown in Fig. b. The SMI model consists of three sides: the security model, the restriction level and the IaaS component model. The front side of the cubic model is IaaS. The security model includes three vertical entities, where each entity covers the entire set of IaaS components. The first entity is the Secure Configuration Policy (SCP), which assures secure configuration for every layer in IaaS, whether software, hardware or SLA configurations; usually, misconfiguration incidents can compromise the entire security of the system. The second entity is the Secure Resources Management Policy (SRMP), which controls the privileges and management roles. The last entity is Security Policy Monitoring and Auditing (SPMA), which is important to track the system life cycle. The restriction policy side specifies the level of restriction for the security model entities. The level of restriction ranges from loose to tight, depending on the client, the provider and the service requirements.

Fig. b) Security Model for IaaS
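The model's two dimensions, a policy entity and a restriction level applied to it, become concrete when the same SCP checks are evaluated at different levels. The following is an added example for this edition, not the paper's own implementation: each constructed rule is tagged with the lowest restriction level at which it applies, and an audit of a constructed instance configuration reports only the violations that apply at the requested level. The configuration fields (ingress rules, volume encryption flag, flow-log flag), rule names and sample instances are constructed.

```python
"""Added example: Secure Configuration Policy (SCP) checks parameterised by restriction level.

Illustrative code written for this article to show the SMI idea of one policy
entity evaluated at a loose or tight level; the configuration schema, rule
names and sample instances are constructed.
"""
from typing import Callable, Dict, List, Tuple

# Ordering of the paper's restriction levels: a rule tagged "loose" applies at
# every level, a rule tagged "tight" only when the tight level is requested.
LEVELS: Dict[str, int] = {"loose": 0, "tight": 1}

ADMIN_PORTS = (22, 3389)
ANYWHERE = "0.0.0.0/0"


def _admin_ports_not_world_open(cfg: dict) -> bool:
    return not any(r["src"] == ANYWHERE and r["port"] in ADMIN_PORTS for r in cfg["ingress"])


def _volumes_encrypted(cfg: dict) -> bool:
    return all(v["encrypted"] for v in cfg["volumes"])


def _flow_logging_enabled(cfg: dict) -> bool:
    return bool(cfg["flow_logs"])


def _no_world_open_ingress(cfg: dict) -> bool:
    return not any(r["src"] == ANYWHERE for r in cfg["ingress"])


# (rule name, lowest level at which it applies, predicate that is True when the config passes)
SCP_RULES: List[Tuple[str, str, Callable[[dict], bool]]] = [
    ("admin ports not exposed to the Internet", "loose", _admin_ports_not_world_open),
    ("block storage encrypted",                 "loose", _volumes_encrypted),
    ("network flow logging enabled",            "tight", _flow_logging_enabled),
    ("no ingress from 0.0.0.0/0 on any port",   "tight", _no_world_open_ingress),
]


def audit(cfg: dict, level: str) -> List[str]:
    """Return the names of SCP rules the configuration violates at the given restriction level."""
    threshold = LEVELS[level]
    return [name for name, min_level, check in SCP_RULES
            if LEVELS[min_level] <= threshold and not check(cfg)]


# Constructed instance configurations.
WEB_VM = {
    "ingress": [{"src": ANYWHERE, "port": 443}, {"src": "10.20.0.0/24", "port": 22}],
    "volumes": [{"encrypted": True}],
    "flow_logs": False,
}
LEGACY_VM = {
    "ingress": [{"src": ANYWHERE, "port": 22}],
    "volumes": [{"encrypted": False}],
    "flow_logs": False,
}

if __name__ == "__main__":
    for name, cfg in [("web", WEB_VM), ("legacy", LEGACY_VM)]:
        for level in LEVELS:
            print(f"{name:6} @ {level:5}: {audit(cfg, level) or 'compliant'}")
```

The web VM is compliant at the loose level and fails two rules at the tight level, one of which (no Internet ingress at all) is incompatible with its job; that is exactly the "depends on the service requirements" clause in the paper, made explicit as a choice of level rather than a silent exception.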

4. Conclusion

IaaS is the basic foundation layer of the cloud computing delivery model and consists of multiple components and technologies. Each component in the cloud infrastructure service has its own vulnerabilities, which may have an impact on the security of the whole cloud. In this paper we tried to investigate the security challenges associated with IaaS implementation and deployment. Based on our research, we tried to propose a few solutions for the existing IaaS models.


Table: IaaS components, their threats/challenges, and solutions

IaaS Component: Service Level Agreement (SLA)
  Threats/Challenges: Enforcing the SLA, monitoring the SLA, and monitoring QoS attributes.
  Solutions: SLA monitoring and enforcement in SOA and the Web Service Level Agreement (WSLA) framework.

IaaS Component: Utility Computing
  Threats/Challenges: Billing with multiple levels of providers; measuring on-demand billing system availability.
  Solutions: Amazon DevPay.

IaaS Component: Cloud Software
  Threats/Challenges: Attacks against web services; attacks against XML.
  Solutions: SOAP Security Extensions; XML Signature and XML Encryption.

IaaS Component: Networks & Internet Connectivity
  Threats/Challenges: DDoS; Man-In-The-Middle attack (MITM); IP spoofing; DNS security and port scanning.
  Solutions: Intrusion Detection System (IDS) and Intrusion Prevention System (IPS); logical network segmentation and firewalls; traffic encryption; network monitoring.

IaaS Component: Virtualization
  Threats/Challenges:
    Security threats sourced from the host:
      • Monitoring VMs from the host.
      • VM modification.
      • Communications between VMs and host.
    Security threats sourced from a VM:
      • Monitoring VMs from another VM.
      • Communication between VMs.
      • Virtual machines.
      • VM provisioning and migration; mobility.
      • Resource denial of service.
  Solutions:
    Against threats sourced from the host:
      • Terra
      • Trusted Virtual Datacenter (TVDc)
      • Mandatory Access Control (MAC)
      • Trusted Cloud Computing Platform
    Against threats sourced from a VM:
      • IPSec.
      • Encryption.
      • Xen security through disaggregation.
      • LoBot architecture for secure VM provisioning and migration.
      • VPN.

IaaS Component: Computer Hardware
  Threats/Challenges: Physical attacks against computer hardware; data security on retired or replaced storage devices.
  Solutions: Highly secure locked rooms with monitoring appliances; multi-party accessibility to encrypted storage; transparent cryptographic file systems; self-encrypting enterprise tape drive TS1120.
