International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 3, Issue 3, March 2014 ISSN 2319 - 4847

CLOUD COMPUTING

Er. Simar Preet Singh¹, Er. Anshu Joshi²

¹ Assistant Professor, Computer Science & Engineering, DAV University, Jalandhar, Punjab, India
² Research Scholar, Computer Science & Engineering, DAV University, Jalandhar, Punjab, India

ABSTRACT

Cloud computing is a new paradigm that provides high-speed, efficient end-user services. It is becoming the base platform for storing, running and deploying customers' applications and data. Data is stored using secure protocols and deployed on the cloud as needed. The cloud service architecture includes the IaaS, PaaS and SaaS service platforms. Virtualization is the key concept behind the services provided by the cloud. Virtual provisioning allocates logical resources from physical hardware resources by mapping the physical resources to logical entities. The physical resources differ in architecture, but virtual provisioning makes them equally available on the same platform for utilization, without regard to the design and architecture of the hardware.

Keywords - Cloud Computing, Virtual Provisioning, IaaS, PaaS, SaaS.

1. INTRODUCTION

The concept of cloud computing is to map physical resources to logical resources through virtual provisioning, so that end users can use them through cloud computing services. XaaS is a cloud computing concept that means "everything as a service". The cloud computing architecture services are IaaS, PaaS and SaaS, but XaaS is a concept that makes every single component of the system, i.e. IT infrastructure, development and deployment platforms and databases, available over the internet as a service [1]. Cloud computing is a model for on-demand access to a shared pool of logical components (e.g. network servers, storage, applications) that can be rapidly provisioned through virtual provisioning.
These services are accessible through the cloud, either from third-party vendors or from a private cloud that the organization owns. Cloud computing also includes the concepts of public and hybrid clouds [7]. Many organizations deploy a cloud according to their needs and are charged according to their usage. A well-established organization deploys a private cloud, while a newer organization may use a public cloud to offload its workload. This is beneficial for newer organizations: they pay third parties for the use of their resources and do not have to own hardware and software resources. Cloud services are thus a less expensive way to access services at efficient speed over the network.

2. MODELS FOR ACCESSING CLOUD

There are three basic models for deploying and accessing the cloud:

2.1 Public Cloud

A public cloud provides services to end users on a pay-per-use basis or free of cost. A public cloud is managed by third-party organizations, and companies, campuses or the public can access the virtualized services through the internet [2].

2.2 Private Cloud

A private cloud is accessed by the organization for internal usage. Well-established companies can afford their own hardware and software services, so they deploy a cloud internal to the organization. These services are provided and handled by the organization's IT department, which deals with all issues related to security, access and maintenance.

2.3 Hybrid Cloud

A hybrid cloud includes private and public clouds. Most organizations own both public and private clouds: they make the public cloud available to users and charge them for it, and manage the private clouds internally.

3. CLOUD COMPUTING REFERENCE MODEL

The cloud computing reference model includes the computing services that are provided to end users through three main platforms:

Figure 1 Cloud Reference Model [1]

3.1 Infrastructure as a Service

The IaaS (Infrastructure as a Service) model virtualizes hardware resources such as storage devices, hard drives and disk space, as well as the OS and applications; all of these count as infrastructure. These resources are virtualized into logical components and made available to end users. Tools and interfaces are provided so that users can access the resources. Amazon EC2 is one platform that provides these services [5].

3.1.1 Components of IaaS

i. SLA (Service Level Agreement)

The use of SLAs in cloud computing provides QoS. An SLA is made up of stages including SLA monitoring, negotiation, enforcement and contract definition. Negotiation and contract definition establish a mutual understanding between the user and the provider on the level of security to maintain, whereas monitoring and enforcement focus on building trust. The threats to an SLA lie in monitoring and enforcing the SLA and maintaining QoS.

ii. Utility computing

Utility computing is a service that provides access to resources according to need, with payment according to usage. Utility computing also benefits organizations that want to grow in scale, as it provides a sufficient amount of resources when needed. The threats or challenges in utility computing are as follows. The first is that, as large organizations provide metered services (i.e. pay per use), next-level organizations use the same metered services to provide usage in turn, so a problem arises in managing this usage of metered services.
The second challenge is that, under the pay-per-use model, attacks may take place in which an attacker with access to the network uses the services without paying, until all the resources are used up.

iii. Network and Internet Connectivity

High-speed internet connectivity, with bandwidth spanning local to wide area networks, provides efficient service, but the wider the network services, the greater the exposure to threats [3]. The threats concerned with network and internet connectivity are:

1. Denial of service
2. IP spoofing
3. Man-in-the-middle attack

iv. Virtualization

Virtualization of infrastructure is implemented with the idea that all the physical hardware resources are mapped to logical resources, which are provided for end-user usage. The threats involved in virtualization are:

1. Monitoring VMs from the host
2. Protection against communication between host and VM
3. Modification to VMs

v. Computer hardware

Computer hardware encompasses all the physical hardware resources. Security threats to them are damage to the resources or replacement of the hardware. By making use of these resources, data can be obtained illegally.

3.1.2 Platform as a Service

Platform as a Service provides a runtime environment in which to execute applications. The concept is that all applications are deployed on virtual runtime environments, which are mapped from many different operating systems and software and run as one uniform environment. Hadoop is one such platform for accessing services on virtualized environments. The threats to Platform as a Service are as follows. The first is default application configuration: anyone deploying an application on the cloud should know its default configuration in order to understand how to secure the application.
The second is SSL-based threats: the SSL layer is more prone to threats, and more effort is focused on exploiting the layer and its implementation. The third is insecure permissions on the cloud, which may lead to attacks on the system.

3.1.3. Software as a Service

The Software as a Service platform provides end users with applications that are copies of a single application on a virtualized platform. Social websites and mail services can be deployed as applications, and many applications are made to run over it. The threats at the Software as a Service level are as follows. The first is weak credentials, which result from a lack of management of the software's login procedure. Passwords are protected, and other token mechanisms provide physical security, but the same does not hold for cloud security in Software as a Service. Passwords must therefore be changed frequently, and strong ones created, to protect them from attack. The second is the use of insecure protocols, which leads to the threat of illegal access to the system. The third is application flaws that users may introduce while extending the application by unguided means, which lead to flaws in the system.

4. TECHNOLOGIES LEADING TO CLOUD COMPUTING

4.1. Main Frames

Mainframes introduced the concept of multiple processors made available to users as a single entity. The advantage of mainframes was their fault-tolerant nature.

4.2. Clusters

Clusters are a technology that led to the cloud concept. A cluster is a group of computing resources that provides high computing power and reliable services to end users at modest cost. Clusters provide highly parallel computing.
4.3 Grid Computing

Grid computing provides a platform in which resources of differing nature, from different geographical areas and different organizations, are brought together to provide services. Grids did not prove to be an efficient technology in terms of fully utilizing resources, so they had to be combined with newer technology; cloud computing followed as one improvement over grids.

5. VIRTUALIZATION

Virtualization provides an abstraction of physical resources into logical resources, which are made available to end users. It provides logical entities mapped from the actual physical hardware and software resources. The concept involves a VM, i.e. a virtual machine, that provides OS, hardware and software logical entities mapped over physical resources. A real-world example is Java applets, which run on the Java VM and not on the actual OS. Virtual machines add scalability, migration and load-balancing capabilities, with less maintenance required and more security in the working environment. Virtualization uses fewer resources and physical machines, which makes it a cost-effective technology and one in greater demand. However, every networked concept has security loopholes, so virtualized components are also prone to security attacks [10].

The VMM (virtual machine monitor) has access to and control over the VMs available in the virtual environment. A hypervisor is a virtualization technique that gives multiple operating systems a virtualized environment in which to execute, and monitors their execution; these operating systems share virtualized hardware resources to carry out their operations. The hypervisor runs on the server. The hypervisor, also known as the VMM, has implementations such as KVM, which provides virtualization for the Linux kernel on processors with hardware virtualization extensions.
5.1 Virtualized Approaches

The approaches to virtualization are:

5.1.1 OS Based Virtualization

In OS-based virtualization, the host OS has access to and control over the hardware resources and also manages the VMs. The host OS manages the virtualized guest operating systems on which guest applications run, and gives these guests access to the physical hardware resources by supporting them on the server [6].

Figure 2 OS Based Virtualization [2]

5.1.2 Application Based Virtualization

In application-based virtualization, applications are virtualized by placing each application, on top of its guest OS, into a single VM. Each application therefore runs on a single virtual machine with its guest OS and a VM monitor that watches over the working of the VM. The applications and OS are specific to the VM, which is mapped over physical hardware allocated to each VM by the hypervisor. VMs may differ in the resources they need depending on the application deployed; a VM may require more resources or fewer, and these requirements are fulfilled by the VMM (hypervisor) [9].

Figure 3 Application Based Virtualization [2]

5.1.3 Hypervisor Based Virtualization

A hypervisor manages the virtual machines that contain the guest OS and the applications running over the guest OS. It allocates hardware resources to each individual virtual machine it manages. A hypervisor interacts directly with a manager VM, which has a special OS on which applications run as on all other VMs; this VM manages all the other VMs, and control of this VM is therefore handed over to the hypervisor [8].

Figure 4 Hypervisor Based Virtualization [2]

A hypervisor can be implemented in two ways, either deployed directly over the hardware or on an OS, thus providing efficient memory management.
In the figure, a Type 1 hypervisor is one that is implemented directly on the host hardware. A Type 2 hypervisor is implemented on the host OS, which provides virtualization over the hardware and provides virtualized resources to the hypervisor, which in turn allocates these resources to VMs. Fig 5 illustrates an overview of the hypervisor.

Figure 5 Hypervisor Overview [7]

5.2 Threats in Virtualization

Users are given data in an abstracted manner: the user has no knowledge of which physical source the data came from, which hypervisor manages it, or which virtual machine provides it. The user's data should therefore be protected in the process of virtualization. There are threats in virtualization [4].

5.2.1 Virtual Machine Level Attacks

A virtual machine contains the OS and the application, so the user's data may be at risk if an attack is conducted against the VM. Each VM can be manipulated by illegal means to serve an attacker's purposes.

5.2.2 Cloud Provider Vulnerabilities

This threat comes from the provider side, where harmful input may be injected that damages the data in the VM, for example SQL injections injected at the service-providing layer.

5.2.3 Network Attack Surface

The user must protect their infrastructure from network attacks; an attack over the network may, for example, be a virus that affects the user's infrastructure or system.

5.2.4 Authentication and Authorization

The issue is that authentication and authorization are not extended up to the cloud services, so an unauthorized user may get in and use the data illegally. Organizations therefore have to create their own policies and procedures for authenticating and authorizing people.
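Added example (not part of the original paper): one way an organization could express the kind of authentication and authorization policy described in 5.2.4 for its cloud resources, with deny-by-default evaluation and a check for resources that no rule covers. All user, role and resource names and the rule format are assumptions constructed for illustration.

```python
# Added example: deny-by-default authorization for cloud resources.
# Users, roles, resource names and rules are constructed for illustration.
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Rule:
    role: str
    action: str              # e.g. "start", "snapshot", "read"
    resource: str            # glob over resource names, e.g. "vm/web-*"
    require_mfa: bool = False

@dataclass(frozen=True)
class Request:
    user: str
    authenticated: bool      # outcome of the organization's own login procedure
    mfa: bool                # second factor presented in this session
    action: str
    resource: str

ROLES = {"asha": {"vm-operator"}, "ravi": {"auditor"}}
POLICY = [
    Rule("vm-operator", "start", "vm/web-*"),
    Rule("vm-operator", "snapshot", "vm/web-*", require_mfa=True),
    Rule("auditor", "read", "storage/logs-*"),
]

def authorize(req, roles=ROLES, policy=POLICY):
    """Return (allowed, reason); anything not explicitly granted is denied."""
    if not req.authenticated:
        return False, "unauthenticated"
    user_roles = roles.get(req.user, set())
    if not user_roles:
        return False, "no role assigned"
    mfa_missing = False
    for rule in policy:
        if (rule.role in user_roles and rule.action == req.action
                and fnmatchcase(req.resource, rule.resource)):
            if rule.require_mfa and not req.mfa:
                mfa_missing = True   # a rule matches but needs a second factor
                continue
            return True, "granted to role " + rule.role
    return False, ("mfa required" if mfa_missing else "no matching rule")

def uncovered(resources, policy=POLICY):
    """Resources no rule mentions, i.e. where the policy has not been extended."""
    return sorted(r for r in resources
                  if not any(fnmatchcase(r, rule.resource) for rule in policy))

if __name__ == "__main__":
    inventory = ["vm/web-01", "vm/db-01", "storage/logs-2014"]   # constructed
    print(authorize(Request("asha", True, False, "snapshot", "vm/web-01")))
    print(authorize(Request("eve", True, True, "read", "storage/logs-2014")))
    print("no policy coverage:", uncovered(inventory))
```

Running `uncovered` over the resource inventory shows where authorization has not yet been extended to the cloud: any resource it returns is reachable by no one under this policy, and is a prompt to write a rule rather than to fall back to an open default.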
5.2.5 Communication in Virtualization Environment

Communication between the cloud and the infrastructure is not secure, so security has to be implemented on the network with quality parameters.

6. CONCLUSION

This paper has described the basic service models of the cloud, which are the basis for further exploration in this field. Service model security has been a major issue, and much more has to be implemented to overcome the flaws in security implementation. The paper discusses some of the threats on each service layer. Virtualization is a technique for mapping physical entities to logical ones. Virtualization brings many advantages, but at the same time the threats in virtualization, which could hinder the services, need to be looked after. Virtualization is therefore also a topic that needs more study and improvement in security.

References

[1] Rajkumar Buyya, Christian Vecchiola, S. Thamarai Selvi, Mastering Cloud Computing: Foundations and Applications Programming, Elsevier, 2013.
[2] Faraz Sabahi, "Secure Virtualization for Cloud Computing Using Hypervisor Based Technology", International Journal of Machine Learning and Computing, Vol. 2, February 2012.
[3] Rajesh Piplode and Umesh Kumar Singh, "An Overview and Study of Security and Challenges in Cloud Computing", Vol. 2, Issue 9, Sept 2012.
[4] Gouglidis Antonios, "Towards new access control models for Cloud Computing Systems", in Proc. Kaspersky – IT Security for the Next Generation – European Cup, 2011.
[5] Nils Gruschka and Meiko Jensen, "Attack Surfaces: Taxonomy for Attacks on Cloud Services", IEEE rd International Conference on Cloud Computing, 2010.
[6] J. Salmon, "Clouded in uncertainty – the legal pitfalls of cloud computing", Computing, 24 Sept 2008.
[7] J. Heiser and M. Nicolett, "Assessing the security risks of cloud computing", Gartner Report, 2009.
[8] D. Catteddu, Giles Hogben: European Network and Information Security Agency, November 2012.
[9] Anthony T. Velte, Toby J. Velte and Robert Elsenpeter, "Cloud Computing - A Practical Approach", Tata McGraw Hill, 2010.
[10] A. Damodaram and H. Jayasri, "Authentication without Identification using Anonymous Credential System", International Journal of Computer Science and Information Security (IJCSIS), vol. 3(1), 2009, pp. 34-37.

AUTHORS

Anshu Joshi, a student of M.Tech (Computer Science & Engineering) at DAV University, Jalandhar, completed her B.Tech (Computer Science & Engineering) at Lovely Professional University, Jalandhar. She has published papers in national and international journals. She has undergone a training programme in ASP.Net and C#.Net. Her areas of interest include Database, Cloud Computing and Network Security.

Simar Preet Singh received the degree of B.Tech (Computer Science & Engineering) from Baba Banda Singh Bahadur Engineering College, Fatehgarh Sahib (India) in 2009 and M.Tech (Computer Science & Engineering) from Punjabi University, Patiala (India), in 2011. He has worked at Infosys Limited for two years. He is a lifetime member of the AntiHacking Anticipation Society, India. He also holds certifications such as Microsoft Certified Systems Engineer (MCSE), Microsoft Certified Technology Specialist (MCTS) and Core Java. He has undergone training programmes for VB.Net and Cisco Certified Network Associate (CCNA). He has presented many research papers in various national and international journals and conferences in India and abroad. His areas of interest include Database, Network Security and Network Management. He is presently working as Assistant Professor in Computer Science & Engineering at DAV University, Jalandhar (India).