International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 3, Issue 3, March 2014
ISSN 2319 - 4847
CLOUD COMPUTING
Er. Simar Preet Singh (1), Er. Anshu Joshi (2)
(1) Assistant Professor, Computer Science & Engineering, DAV University, Jalandhar, Punjab, India
(2) Research Scholar, Computer Science & Engineering, DAV University, Jalandhar, Punjab, India
ABSTRACT
Cloud computing is a new paradigm for new-era technology which provides high-speed and efficient end-user services. Cloud computing is becoming the base platform for storing, running and deploying customers' applications and data. Data is stored using secure protocols and deployed on the cloud as per need. The cloud service architecture includes the IaaS, PaaS and SaaS service platforms. Virtualization is the key concept behind the services provided by the cloud. Virtual provisioning allocates logical resources from physical hardware resources by mapping the physical resources to logical entities. The physical resources differ in architecture, but virtual provisioning makes them equally available on the same platform for utilization, without regard to the design and architecture of the hardware.
Keywords - Cloud Computing, Virtual Provisioning, IaaS, PaaS, SaaS.
1. INTRODUCTION
The concept of cloud computing is to map physical resources to logical resources through virtual provisioning, for end-user usage through cloud computing services.
XaaS is a cloud computing concept which means everything as a service. The cloud computing architecture services are IaaS, PaaS and SaaS, but XaaS is a concept which makes every single component of the system, i.e. IT infrastructure, development and deployment platforms and databases, available over the internet as a service [1].
Cloud computing is a model for on-demand access to a shared pool of logical components (e.g. network servers, storage, applications) that can be rapidly provisioned through virtual provisioning. The cloud is accessible for such services, and the services are available through third-party vendors, or the organization can own its private cloud. The concepts of public and hybrid cloud are also accounted for in cloud computing [7].
Many organizations deploy a cloud according to their needs, and they are charged according to their usage. A well-established organization deploys a private cloud, and a newcomer may use a public cloud for offloading load onto the cloud. This is beneficial for newcomers, as they pay third parties for using their resources and do not have to own hardware and software resources. Cloud services are thus a less expensive method of accessing services at efficient speed through the network.
2. MODELS FOR ACCESSING CLOUD
There are three basic models for deploying and accessing the cloud:
2.1 Public Cloud
A public cloud provides services to end users on a pay-per-use basis or free of cost. A public cloud is managed by third-party organizations, and companies, campuses or the public can have access to the virtualized services through the internet [2].
2.2 Private Cloud
A private cloud is accessed by the organization for internal usage. Well-established companies can afford to have hardware and software services for usage as per their need, so they deploy a cloud internal to the organization. These services are provided and handled by the IT department of the organization, and all issues related to security, access and maintenance are handled by that department.
2.3 Hybrid Cloud
A hybrid cloud includes private and public clouds. Most organizations own both public and private clouds. They make the public cloud available to users and charge them for it, and manage the private clouds internally.
3. CLOUD COMPUTING REFERENCE MODEL
The cloud computing reference model includes computing services which are provided to end users through three main platforms, which are:
Figure 1 Cloud Reference Model [1]
3.1 Infrastructure as Service
The IaaS (Infrastructure as a Service) model virtualizes hardware resources such as storage devices, hard drives and disk space, together with the OS and applications, all of which count as infrastructure. These resources are virtualized into logical components and made available for usage to end users. Tools and interfaces are provided to the users to access the resources. Amazon EC2 is one such platform which provides these services [5].
3.1.1 Components of IaaS
i. SLA (Service Level Agreement)
The use of SLAs in cloud computing provides QoS. An SLA is made up of stages including SLA monitoring, negotiation, enforcement and contract definition. Negotiation and contract definition are meant for mutual understanding between the user and the provider in order to maintain the level of security, whereas monitoring and enforcement focus on the trust-building factor.
Threats to the SLA lie in monitoring and enforcing the SLA and in maintaining QoS.
ii. Utility computing
Utility computing is a service which provides access to resources according to need, with payment made according to usage. Utility computing also proves beneficial for organizations which want to grow in scale, as it provides an efficient amount of resources when needed.
Threats or challenges in utility computing are:
First, as large organizations provide metered services (i.e. pay as per use), next-level organizations use the same metered services to provide usage in turn, so a management problem arises over this usage of metered services.
Second, under the pay-per-use model, attacks may take place if an attacker has access to the network and uses the services without paying, so that all resources get utilized.
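The second challenge can be caught by reconciling metering records against billing accounts. The following is an added example, not code from the paper; the record layout, the principal names, the pool capacity and the 90% exhaustion threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data (assumed, not from the paper).
BILLED = {"tenant-a", "tenant-b"}   # principals that hold a billing account
POOL_CAPACITY = 100                 # resource units in the shared pool
USAGE = [                           # metering records: (principal, units used)
    ("tenant-a", 20), ("tenant-b", 15), ("unknown-7", 30),
    ("tenant-a", 10), ("unknown-7", 20),
]

def reconcile(usage, billed, capacity, exhaustion_ratio=0.9):
    """Return (unbilled_usage, pool_utilization, alerts) for one metering window."""
    if capacity <= 0:
        raise ValueError("capacity must be positive")
    per_principal = defaultdict(int)
    for principal, units in usage:
        if units < 0:
            raise ValueError("negative usage record")
        per_principal[principal] += units

    # Consumption by principals that nobody is paying for.
    unbilled = {p: u for p, u in per_principal.items() if p not in billed}
    total = sum(per_principal.values())
    utilization = total / capacity

    alerts = [f"unbilled consumption: {p} used {u} units"
              for p, u in sorted(unbilled.items())]
    # Pool exhaustion matters most when unpaid usage is what drives it.
    if utilization >= exhaustion_ratio:
        share = sum(unbilled.values()) / total if total else 0.0
        alerts.append(f"pool at {utilization:.0%}, {share:.0%} of usage unbilled")
    return unbilled, utilization, alerts

if __name__ == "__main__":
    for line in reconcile(USAGE, BILLED, POOL_CAPACITY)[2]:
        print(line)
```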
iii. Network and Internet Connectivity
High-speed internet connectivity and its bandwidth, covering local to wide area networks, provide efficient service, but the wider the network services, the greater the chances of being under threat [3].
Threats concerned with network and internet connectivity are:
1. Denial of service
2. IP spoofing
3. Man-in-the-middle attack
iv. Virtualization
Virtualization of infrastructure is implemented with the idea that all the physical hardware resources are mapped to logical resources, which are provided for end-user usage.
Threats involved in virtualization are:
1. Monitoring VMs from the host
2. Protection against communication between host and VM
3. Modification of VMs
v. Computer hardware
Computer hardware encompasses all the physical hardware resources, and security threats to them would be damage to the resources or replacement of the hardware. By utilizing these resources, data can be gained illegally.
3.1.2 Platform as Service
Platform as a Service provides a running environment to execute applications. The concept is that all applications are deployed on virtual run-time environments, which are mapped from many different operating systems and software and run on an equalized environment. Hadoop is one such platform for accessing services on virtualized environments.
Threats to Platform as a Service are:
First is default application configuration: if you are deploying an application on the cloud, you should know how to secure the application by knowing its default configuration.
Second is SSL-based threats: the SSL layer is more prone to threats, and more focus is placed on exploiting the layer and its implementation.
Third is insecure permissions on the cloud, which may lead to attacks on the system.
3.1.3. Software as Service
The Software as a Service platform provides end users with applications which are copies of a single application on a virtualized platform. Social websites and mail services can be deployed as applications, and many applications are made to run over it.
Threats at the Software as a Service level include:
First is weak credentials. Weak credentials are the result of a lack of management of the software's login procedure. Passwords are protected, and other token mechanisms provide physical security, but the same is not the case for cloud security in Software as a Service. Thus passwords must be changed frequently, in order to protect the password from being attacked, and strong ones must be created.
Second is the use of insecure protocols, which leads to the threat of illegal access to the system.
Third is application flaws that users may make while extending the application by unguided means, which lead to flaws in the system.
4. TECHNOLOGIES LEADING TO CLOUD COMPUTING
4.1. Main Frames
Mainframes presented the concept of multiple processors made available to users as a single entity. The advantage of mainframes was their fault-tolerant nature.
4.2. Clusters
The cluster is a technology which led to the cloud concept. Clusters are groups of computing resources which provide high computing power and reliable services to end users, and they are not very expensive. They provide highly parallel computing.
4.3 Grid Computing
A grid computing service provides a platform where different resources, varying in nature and drawn from different geographical areas and different organizations, are put onto a single platform to provide services. However, grids did not prove to be an efficient technology in terms of utilizing resources fully, so their fusion with new technology was a must, which led to cloud computing as one source of improvement over grids.
5. VIRTUALIZATION
Virtualization provides an abstraction of physical resources into logical resources which are made available to end users. Virtualization provides logical entities mapped from actual physical hardware and software resources. The concept involves a VM, i.e. a virtual machine that provides OS, hardware and software logical entities mapped over physical resources. Java applets, which run on the Java VM and not on the actual OS, are a real-world example of the term. A virtual machine adds scalability, migration and load-balancing capabilities, with less maintenance required and more security in the working environment. Fewer resources and physical machines are used under virtualization, making it a cost-effective technology that is more in demand. However, there are security loopholes in every concept that works over a network, so virtualized components are also prone to security attacks [10].
The VMM (virtual machine monitor) has access to and control over the VMs available in the virtual environment. A hypervisor is a virtualization technique which provides multiple operating systems with a virtualized environment in which to execute, and monitors their execution; these operating systems share virtualized hardware resources to carry out their operations. The hypervisor works on the server.
Hypervisors, also known as VMMs (virtual machine monitors), include implementations such as KVM, which provides virtualization for the Linux kernel on processors with hardware virtualization extensions.
5.1 Virtualized Approaches
Approaches to virtualization are:
5.1.1 OS based virtualization
In OS based virtualization, the host OS has access to and control over the hardware resources and also manages the VMs. OS based virtualization has a host OS which manages the virtualized guest operating systems on which guest applications are running, and it provides these guests with access to the physical hardware resources by supporting them on the server [6].
Figure 2 OS Based Virtualization [2]
5.1.2 Application Based Virtualization
In application based virtualization, applications are virtualized by placing the application on top of the guest OS in a single VM. So each application runs on a single virtual machine with its guest OS, and a VM monitor looks after the working of the VM. The applications and OS are specific to the VM, which is mapped over physical hardware allocated by the hypervisor to each VM. VMs may differ in resources depending on the application deployed; a VM may require more resources or fewer, and these requirements are fulfilled by the VMM (hypervisor) [9].
Figure 3 Application Based Virtualization [2]
5.1.3 Hypervisor Based Virtualization
A hypervisor provides management over the virtual machines, which contain the guest OS and the applications running over the guest OS. A hypervisor allocates hardware resources to each individual virtual machine that it manages. A hypervisor interacts directly with a manager VM, which has a special OS on which an application is running like all other VMs, but this VM manages all other VMs, and thus control of this VM is handed over to the hypervisor [8].
Figure 4 Hypervisor Based Virtualization [2]
A hypervisor can be implemented in two ways, either by deploying it directly over the hardware or on an OS, thus providing efficient memory management. In Fig. 5, the Type 1 hypervisor is the one which is implemented directly on the host hardware, and the Type 2 hypervisor is implemented on the host OS, which provides virtualization over the hardware and provides virtualized resources to the hypervisor, which further allocates these resources to VMs. Fig. 5 illustrates an overview of the hypervisor.
Figure 5 Hypervisor Overview [7]
5.2 Threats in Virtualization
Users are provided with data in an abstracted manner, that is, the user has no knowledge of which physical source the data came from, which hypervisor manages it, or which virtual machine provides it. Thus the user's data should be protected in the process of virtualization. There are threats in virtualization [4].
5.2.1 Virtual Machine Level Attacks
A virtual machine contains the OS and the application, so the user's data may be at risk if an attack is conducted against the VM. Each VM can be manipulated by illegal means to serve the attacker's needs.
5.2.2 Cloud Provider Vulnerabilities
This threat comes from the provider side, which may inject harmful information that might harm the data in the VM, such as SQL injections injected in the layer that provides services.
5.2.3 Network Attack Surface
The user must protect his infrastructure from network attacks, i.e. the attacks present on the network may include a virus that might affect the user's infrastructure or system.
5.2.4 Authentication and Authorization
The issue is that authentication and authorization are not extended up to the cloud services, so an unauthorized user may get in and use the data illegally. Thus organizations have to create their own policies and procedures for authenticating and authorizing people.
5.2.5 Communication in Virtualization environment
Communication between the cloud and the infrastructure is not secure, so security has to be implemented on the network with quality parameters.
6. CONCLUSION
The basic service models of the cloud have been described in this paper, which is a base for exploring further in this field. Service model security has been a major issue, and many more implementations have to be done to overcome the flaws in the security implementation. The paper discusses some of the threats on each service layer. Virtualization is a technique of mapping physical to logical entities. Virtualization brings many advantages, but at the same time there is a need to look after the threats in virtualization which could undermine the services. So virtualization is also a central topic that needs more study and improvement in security.
References
[1] Rajkumar Buyya, Christian Vecchiola, S. Thamarai Selvi, Mastering Cloud Computing: Foundations and Applications Programming, Elsevier publication, 2013.
[2] Faraz Sabahi, "Secure Virtualization for Cloud Computing using Hypervisor-based Technology," International Journal of Machine Learning and Computing, Vol. 2, February 2012.
[3] Rajesh Piplode and Umesh Kumar Singh, "An Overview and Study of Security and Challenges in Cloud Computing," Vol. 2, Issue 9, Sept 2012.
[4] Gouglidis Antonios, "Towards new access control models for Cloud Computing Systems," in Proc. Kaspersky – IT Security for the Next Generation – European Cup, 2011.
[5] Nils Gruschka and Meiko Jensen, "Attack Surfaces: Taxonomy for Attacks on Cloud Services," IEEE rd International Conference on Cloud Computing, 2010.
[6] J. Salmon, "Clouded in uncertainty – the legal pitfalls of cloud computing," Computing, 24 Sept 2008.
[7] J. Heiser and M. Nicolett, "Assessing the security risks of cloud computing," Gartner Report, 2009.
[8] D. Catteddu, Giles Hogben: European Network and Information Security Agency, November 2012.
[9] Anthony T. Velte, Toby J. Velte and Robert Elsenpeter, "Cloud Computing - A Practical Approach," Tata McGraw Hill, 2010.
[10] A. Damodaram and H. Jayasri, "Authentication without Identification using Anonymous Credential System," International Journal of Computer Science and Information Security (IJCSIS), vol. 3(1), 2009, pp. 34-37.
AUTHORS
Anshu Joshi, a student of M.Tech (Computer Science & Engineering) at DAV University, Jalandhar, has completed B.Tech (Computer Science & Engineering) from Lovely Professional University, Jalandhar. She has published papers in national and international journals. She has undergone a training programme in ASP.Net and C#.Net. Her areas of interest include Database, Cloud Computing and Network Security.
Simar Preet Singh received the degree of B.Tech (Computer Science & Engineering) from Baba Banda Singh Bahadur Engineering College, Fatehgarh Sahib (India) in 2009 and M.Tech (Computer Science & Engineering) from Punjabi University, Patiala (India), in 2011. He has worked at Infosys Limited for two years. He is a lifetime member of the Anti-Hacking Anticipation Society, India. Apart from this, he also holds certifications such as Microsoft Certified Systems Engineer (MCSE), Microsoft Certified Technology Specialist (MCTS) and Core Java. He has undergone training programmes for VB.Net and Cisco Certified Network Associate (CCNA). He has presented many research papers in various national and international journals and conferences in India and abroad. His areas of interest include Database, Network Security and Network Management. He is presently working as Assistant Professor in Computer Science & Engineering at DAV University, Jalandhar (India).