Add to collection(s) Add to saved
  1. Engineering & Technology
Uploaded by Saee Sai

Bikki Sainath termpaper

advertisement 
PRIVACY IN THE MULTI TENANT CLOUD
-
Bikki Sainath (11713559)
To: Chavi Rahlan
ABSTRACT
This document outlines the ERP security challenges in the cloud and their existing solutions. Initially, a
number of definitions associated with ERP systems, cloud computing and multi-tenancy are provided,
along with their respective security and privacy challenges and issues. A number of security issues are
listed, discussed and assigned to the existing solutions below to resolve these issues. This thesis aims to
build an effective approach to the ERP cloud security management model in terms of data storage, data
virtualization, data isolation and access security in the cloud ERP. The following proposed techniques are
used to improve SaaS security for multiple tenants: database virtualization, implementation of data
encryption and search functionality in databases and developed systems, data distribution between tenant
and ERP provider, secure application implementation in multi-environments tenant, authentication
implementation and systems developed together as two-factor authentication and advanced user access
control for multi-tenant cloud ERP.
1. INTRODUCTION
This section focuses on the primary objective of protecting enterprise resource planning (ERP) systems in
the cloud, a new model proposed to protect the ERP environment in the cloud. The main focus is on the
services provided by Saas, PaaS and IaaS to analyze them in relation to problems and privacy security
issues. In addition, this research addresses the issue of how to improve the privacy and security of the
multi-tenant cloud.
1) provide an overview of the models, approaches and requirements of the cloud computing service;
2) understand the relationship between cloud computing security risks and cloud computing models
3) understand the risks, success factors, benefits and main drivers of ERP
4) analyze existing security controls, threats and cloud legal issues;
5) discuss the main security problems of the ERP cloud infrastructure;
6) improve data storage and access security in the ERP cloud;
7) improve the security of the cloud ERP application;
8) propose reliable platform models of the IT environment for cloud computing without vulnerabilities; is
9) propose flexible data storage for cloud computing.
The research methodology is based on a review of the literature on cloud ERP systems to define the
challenges and security problems arising from cloud ERP from the point of view of both the user and the
service provider. We use the best ideas and suggestions collected from the literature review to propose a
model to improve security and privacy in the ERP cloud. In addition, we analyze
ERP cloud architecture to determine security improvement points. Additionally, potential security
attributes are defined to show how our model can meet these requirements taking into account the
challenges discussed. Finally, we designed a model to improve data security and privacy based on
authentication, authorization and encryption.
This document is organized as follows: Section 2 details the background of ERP systems, cloud
computing, cloud ERP and timeshare architecture. Section 3 is a literature review of previous work
related to the above mentioned topics. Section 4 describes the model proposed for
2. BACKGROUND
In this section, we present the theoretical background of the two main topics in this document, namely,
cloud computing service models, cloud computing modes, cloud ERP and multi-tenancy.
2.1. BUSINESS RESOURCE PLANNING (ERP)
With the advent of e-business and the need to exploit multiple sources of information within the
company, ERP (Enterprise Resource Planning) software has emerged as an area of great interest for many
companies. ERP systems currently deal with every aspect of the organization as they provide a highly
integrated solution to meet the requirements of the information system. ERP has become a fundamental
requirement for processing corporate information for large leading companies. Today, ERP systems are
considered an essential information systems infrastructure.
ERP is a software architecture that facilitates the flow of information between the different functions
within a company. Likewise, ERP helps to share information between organizational units and geographic
locations. ERP consists of the administration, documentation, planning and control of all the company
processes and resources of a company. ERP is used to manage and integrate all business functions within
an organization, which generally include a suite of mature business applications and tools for financial
and cost accounting, materials management, sales and distribution, production planning. , human
resources and production. integrated by computer, supply chain and customer information [31].
Successful implementation of ERP systems must result in an organization's excellent project management
to successfully implement it. The ERP implementation project consists of clearly defining the objectives,
developing resources and work plans and keeping track of the progress of the project in programs that
improve the perception of urgent and dependent tasks [35].
2.1.1 LIFE CYCLE ERP
In 1999 Estaves and Pastor proposed an ERP life cycle framework that included structured phases and
consisted of several phases that host organizations had to follow throughout the ERP life cycle [33].
This section focuses on the structured phases of ERP systems, as follows:
• Adoption decision-making phase: this phase allows managers to identify their requirements
for ERP implementation by facing their critical challenges, selecting the best approach.
• Acquisition phase: in this phase, managers must select the product that best suits and is
compatible with the specific and minimized c.
• Use and maintenance phase: ERP packages are applied in this phase to return the expected
benefits with the cloud
2.2. CLOUD INFORMATION
Cloud computing changes the way companies and industries create a new opportunity to run their
processes across the Internet in virtualized dynamic resources provided by the Internet [36].
Cloud computing refers to both applications provided as Internet services and to the hardware and
software systems in the data centers that provide these services. Cloud computing offers the main
opportunities known as X-as-a-Service offerings. This payment model based on public services is
considered one of the main advantages of cloud computing [26]. Prepaid software licenses are not
required; and investments in hardware infrastructure and related maintenance and personnel. Cloud
services users use only the required volume of IT resources and pay only for the volume of IT resources
used. Take advantage of the scalability and flexibility of the cloud. Cloud computing allows for quick and
easy scaling of processing resources required on demand [1] [6] [10] [23].
Commercial cloud computing generally comprises three divisions: platform as service (PaaS),
infrastructure as service (IaaS) and software as service (SaaS). Different models of cloud computing
services help to understand cloud communications. PaaS allows customers to distribute their applications
by accessing different cloud platforms. On the lower level, IaaS provides access to network, system,
operating system management and storage service requirements. SaaS is the best-known segment and
allows customers to purchase the cloud-hosted service by logging into an application [39].
The ERP software that is implemented in a cloud environment becomes "ERP Cloud Software". Most (if
not all) cloud environments are created using virtualization and load balancing technology that allows
applications to be distributed across multiple servers and database resources. Cloud ERP is positioned as
a revolutionary approach to implement ERP solutions. It provides scalable, flexible, convenient, adaptable
and efficient solutions. Cloud ERP as business management software has delivered immense successes to
critical business data [14] [18].
Figure 1 illustrates the security structure of cloud computing, showing the structure of the security
certification framework. This facility allows users to register and have authentication measures to access
the private cloud of cloud computing. Authentication verifies that users are using the data security model,
which allows users to transmit their information to the clouds for storage in protected databases and that
the clouds must be certified to ensure continuous security updates [34].
2.2.1 COMPUTER CLOUD PLATFORM
The first key trends in corporate technology, such as the cloud, the Internet of Things and collaboration,
have been identified as important factors in the reform of international business. One of these intelligent
technologies is cloud computing, which is the main contribution to the transformation of the
manufacturing industry to be enabled with intelligent technologies and IT. In distributed environments,
The analysis of the convergence of IT trends and the evolution of the various cloud computing
technologies has led to be considered multidisciplinary research fields, including utility services,
distributed processing, Internet distribution, virtualization, storage, network computing,
2.2.2 CLOUD COMPUTER DISTRIBUTION MODELS
The cloud computing implementation models are: private, public, community cloud and cross-cloud,
providing a single access point for omnipresent cloud services suitable for different situations and models.
The public cloud computing model can be used in multi-tenant cloud environments by sharing third-party
services and infrastructure located at the external provider. In contrast, the private cloud computing model
can be used in a single tenant environment by sharing the provider's infrastructure and the services of
organizations. The private cloud is suitable for archiving mission-critical and core business applications, a
specific community that shares the most common concerns and interests and can be shared by multiple
companies.
The fourth cloud model is the hybrid cloud that contains multiple public and private clouds, making the
provision of cloud services more challenging due to the greater complexity in determining the
applications distributed through internal and external clouds [36].
2.3. ERP IN THE CLOUDS
ERP software in the cloud serves multiple clients as a platform with a new solution. This concept of cloud
ERP could be confused with ERP hosting, which acts as a third-party supporting software infrastructure
and application services provided by the cloud environment. Others flexible in carrying out their
processes [38]. SaaS supports cloud computing services for companies integrated with communication
capabilities, such as ERP systems [39].
Cloud-based software companies can quickly develop their capabilities because cloud computing can
improve the prospects for ERP implementation in innovative ways. ERP cloud users cloud for the ERP
cloud environment have critical problems with greater responsibilities, such as the possibility of attacks
from the Internet environment or by internal and external security consultants of the cloud provider [38].
Cloud-based ERP is an integrated business suite development that supports ERP, CRM and electronic
delivery model and where application users have the flexibility to configure and subscribe
Security control problems can be reduced through the use of cloud ERP, which helps users avoid
conventional ERP systems, due to advanced security concerns that cloud vendors can use hardware using
IT security experts, which it can be provided by cloud providers with high levels of security, power
processing and storage units. Another essential challenge for ERP in the cloud is to establish adequate
authentication and authorization mechanisms because the cloud provider shares the service with multiple
tenants. The ERP cloud provider, a third party, and the user must have logon roles to access the ERP
cloud application interface using authentication credentials. In the ERP cloud, there are many access
control methods that can be used to secure
2.4. MULTITENENCE ARCHITECTURE
The multi-tenancy concept defines the main objective of increasing the exchange of resources between
SaaS
The customer, called the tenant, pays according to a certain subscription package with remote Internet
hosting for the delivery model of the SaaS software. SaaS has high reliability of services provided at low
cost to offer customers the freedom and ability to own, host and maintain the infrastructure and software
application of the hosting environment [41].
Application-level multi-tenancy is an example of a SaaS application and includes an architectural design
principle that allows multiple clients to be hosted by a single application or server instance. Current multitenant application design models are not flexible, despite multiple variations of multi-client software. The
multi-tenancy architecture is designed for SaaS applications, which allow multiple clients (tenants) to
share the same application. However, this app is flexible enough to allow tenants to customize it to their
specific needs. It is based on a predictable monthly subscription; tenants pay only for what they use [7]
[8] [40].
REVIEW OF THE LITERATURE
Security tends to be more complex in cloud computing and this trend is becoming more pronounced.
Although there are some studies on techniques used in cloud computing, little research enters the field of
cloud ERP.
In, the authors said that providing an ERP platform for small and medium-sized businesses raises
numerous new questions. Many of them are concerned about the emergence of multiple possession.
Therefore, mastering multiple ownership is one of the keys to providing an efficient and customizable
platform for business applications. They identified two pillars of a multi-tenancy conscious infrastructure
in the context of personalization, namely the dynamic composition of the instance and the abstraction of
the persistence layer.
In [21], the authors said that cloud computing can be highly efficient and effective; However, along with
these benefits, the vulnerability and security risk have increased, particularly regarding privacy and data
loss. They provided a security threat assessment model to be used to measure threats and negotiate
security service level agreements (SLAs) covering emerging security issues, as well as traditional aspects
of security, such as integrity and confidentiality.
In, the authors proposed an algorithm through which the cloud service provider can provide
In the authors he proposed a double cryptography strategy; one on the client side when uploading files
and the other when distributing files. In addition, they provide backup of data stored in the cloud. They
used the hash message authentication code (HMAC) scheme for data encryption. However, the use of two
encryptions results in twice the duration, which increases the time complexity.
In [2], the authors designed a new reliability model for cloud storage security, which examines all
outgoing cloud requests in real time to identify sensitive data and uses the Trusted Platform Module
(TPM) to encrypt these data. They used the Kerberos authentication service for user authentication.
Kerberosis is an authentication method for authentication requests for a service and they have been used
to authenticate Trustedgateway end users.
In [4], the authors stated that security is a key requirement that must be addressed when designing new
SaaS applications or redesigning existing applications to support multi-tenancy. They proposed a model
called TOSSMA, a tenant-oriented SaaS security management architecture. TOSSMA mitigates four
main problems in multi-tenant cloud applications: loss of
security control, integration of SaaS application security, customization of SaaS application security and
provision of isolation between tenant data.
In the study of [44], the authors attempted to understand data confidentiality by reviewing encryption
techniques. This study concluded that the most common approaches to data encryption are based on RSA,
indicating that most researchers in the cloud computing environment are interested in RSA encryption
techniques. The revealing result of this study showed that the proposed approaches lack validation in
cloud computing, which must be addressed to improve trust [44].
In [45], the authors focused on the security of data storage in the cloud. They evaluated several modern
encryption techniques randomly tested in the cloud computing environment using the pseudo-random
number generator (PRNG) according to NIST statistical tests. The results of
In [46] multi-client without modification. The discussion on designing and implementing multiple tenants
assesses the architectural performance of multiple tenants, including grouping architecture into tenants
and exchanging data between them. In detail, multiple ownership can be used as an important component
of PaaS services, including sharing resources in private clouds.
The study by [43] analyzed security threats and opportunities to provide secure cloud services. It
introduced requirements for secure cloud services, helping to introduce a new research attitude in the
context of security. This study investigated security technologies to establish a secure cloud computing
environment. Analysis of security threats, security technologies and security requirements for cloud
computing services from the perspective of the supplier and the end user.
The authors of [42] provided an overview of the essential differences between multi-tenancy architecture
and other related concepts. The main contribution was the discussion of the multiple relationships
between the main architectural concerns of multi-tenant design. Furthermore, this study discussed and
classified the concepts of performance isolation, quality of service, personalization and persistence.
The authors of [49] aimed to present an investigation into the potential security problems of legacy ERP
deployment in the cloud and cloud computing from both the customer and the vendor's perspective. This
study used a qualitative research methodology when interviewing ERP, cloud computing and ERP cloud
professionals. The results of this study classified architectural security threats, threats, authentication,
authorization and data security into three groups: ERP and ERP cloud security issues, contemporary
challenges in ERP cloud and ERP solutions in the cloud.
The study of [37] showed that configuring the SaaS environment with multi-tenancy ERP can change all
levels of the application. The authors proposed a secure multi-tenant environment using a central
configuration with flexibility to solve security and privacy concerns. In addition, they addressed the
performance issue by using different configuration isolation techniques and tenant database isolation,
providing a high-performance solution for multi-tenant SaaS environments.
Despite the many advantages of cloud ERP systems, there are many likely challenges, problems and
recovery problems. Other issues such as system, performance, system reliability and security issues have
been addressed in [30]. Customers need to make a compromise between different ERP arrangements in
the cloud, such as scalability, security, performance, interoperability and network support services [28]. In
[22], a number of cloud ERP solutions were discussed to determine the benefits of adopting internal
solutions.
In this document, the authors motivate large companies to use internal ERP solutions because of their
greater customization capabilities. In addition, cloud ERP solutions are limited to their suppliers. ERP
solutions in the cloud are difficult to modify according to the needs of organizations because their
flexibility is still adequate. Multiple leasing solutions increase the complexity of ERP systems, despite
their proportionate advantages. Customization of the multi-tenancy ERP cloud is partially solved. In
addition, all tenants can be updated at the same time, however it is difficult to configure customer specific
topics because it requires the redistribution of each tenant from the configuration data [16].
PaaSandSaaScausedatasicurità challenges and problems. The challenges of SaaS applications are similar
to those of Web applications, but protecting them from attacks requires more than traditional security
solutions. SaaS providers must protect the software provided and PaaS must protect the platforms of these
services and new security approaches are required [15]. The literature provides limited resources related
to ERP cloud security issues. Some cloud services use a multi-tenant architecture so that multiple users
can access it. The security of the data associated with cloud applications is the responsibility of the
suppliers, while the data must be protected during processing, transfer and storage [15].
A practical solution is to use dynamic credentials to change their values based on the location of the user
or data packets [15]. An alternative solution is to use digital signatures for data security using
recognizable RSA algorithms for data transferred over the Internet to the cloud environment [13]. At the
same time, advanced encryption techniques such as SSL and AES can be used to protect the sending and
archiving of sensitive data included. Some encryption algorithms are used to mitigate attacks on cloud
storage [11]. The use of data prevention tools aims to prevent the leakage of sensitive data from the
clouds through data transmission. In addition, they can help direct the most important data to protect and
identify users' rights and actions with respect to confidential data stored in the clouds.
Data integrity is an additional concern for cloud service providers; ensure that the data is updated,
integrated and available in such a way as to meet the needs and expectations of users.
Cloudsservicescanimprovethesecuritybycontinuallykeepingabackupforeachupdate.Thus a provider
setofprotocolscanbeusedtointegratethenetworksecurity But differentversions thebackupscanmaintain,
partiallyorfullybasedonaspecifiedamountoftime.Fromaphysicalsecurity perspective, the service provider
must support the cloud physical access with strong security measuresandadisasterrecovery.Incontrast,
eachusershouldberesponsibleforhis / herdutiesto
ensuretraceabilityandtousedatalogsfordatarecoveryfromdataloss.
Tenanted authentication and computing have modern opportunities and challenges. Some parties, such as
cloud providers and users in the cloud environment, share general responsibility. In this context, network
security is the user's responsibility to access services on the Internet, while physical security and
additional network security policies, such as firewall rules, are the responsibility of the cloud [9].
Data stored aloud must be taken care of by the security management module to allow users to access
stored data. In addition, business logic is available on the systems used by users and must be open only to
legal users and must be separated from other users' data.
The cloud data storage management module includes three important components: encryption component,
privacy component and backup component. First, encryption uses private or public keys to encrypt
sensitive data stored in the cloud database to ensure that direct access is prevented by business and
application logic. However, the encryption process requires decryption and both are expensive for the
clouds; therefore, to minimize remaining costs, non-confidential data can be stored without encryption.
Second, the privacy component must limit a clear boundary between the data of different users to allow
multiple users to simultaneously save their data in a location that other users can use. Multiple location
allows cloud computing to be accepted by major users, but the interruption between the data of different
users makes it accessible [5].
Third, the backup component ensures that all archived data is periodically backed up for a specific
company to allow the cloud-based corporate system in disaster recovery to restore all archived data. In
addition, all stored backup data must be encrypted to prevent illegal access to confidential data.
3. PROPOSED MODEL
In our proposed security model for the multi-tenant architecture, we provide storage and communication
overhead for verifying authorized cloud users and for accessing the cloud. Our design model can block
design-level data operations by designing efficient block-level encrypted data operations. Furthermore,
we offer a confidential and complete design for data encryption before outsourcing to the cloud server,
while the decryption algorithm can be used on the user side. The data owner can encrypt the data in the
desired file before sending it to the cloud. Our proposed encryption algorithm has several factors;
information is the highest factor when applying a series of rotations for each block character. The
advantages of our proposed encryption in the ERP cloud environment are:
• The encryption algorithm can guarantee the confidentiality of the organization's data based on the
states of the encrypted data; in transmission, in use and in storage location.
• The proposed encryption algorithm can help achieve a secure multiple mandate in the encryption of
cloud data in the ERP cloud environment.
• Data owners can prevent the cloud service provider from accessing data by holding down the
encryption key.
• Optional encryption algorithm provides security for secure data backup in the ERP cloud
environment.
• Our proposed model can be expanded to customize it according to customer needs.
Only the data owner can manage access to the data. You answer a query for a constant period of time that
does not reach the size of the request. Even with all the benefits of public cloud infrastructure, it is widely
recognized that cloud storage presents important obstacles. These obstacles, such as data integrity,
confidentiality, accountability and accessibility, only by authorized users are the main concerns in public
clouds. The customer is assured of cloud data security from internal and external threats, as data security
ensures that only cloud providers can provide access to the data. In the cloud infrastructure, all channels
used to communicate with data owners, customers and cloud service providers are protected for the
exchange of cloud
4. CONCLUSIONS
This research investigated various problems in multiple client applications: loss of security control;
integration of SaaS application security; Customization of SaaS application security; and providing
privacy of tenant data. One of the main purposes is to protect ERP systems in the cloud by using a new
proposed way to protect the ER cloud environment. The main problems limiting the performance of ERP
systems are network requirements, large storage requirements and employee training requirements. In
addition, there are a number of disadvantages, including privacy issues, prohibitive costs compared to
small budgets for small businesses, ERP installation and implementation requirements and maintenance,
training requirements that affect ERP efficiency and time and costs. consumed for ERP Customization. A
practical solution that has been proposed is to use dynamic credentials to change values based on the
location of the user or data packets. Another proposed solution is to use digital signature for data security
using recognizable RSA algorithms for data transferred over the Internet in a cloud environment. The goal
of this study is to develop an effective approach to the ERP cloud security management model in terms of
data storage, data virtualization, data isolation and access security in the cloud ERP.
REFERENCES
[1]
M.A. Vouk, (2008) “Cloud computing–issues, research and implementations”, CIT. Journal of
Computing and Information Technology, Vol. 16, No. 4,pp235-246.
[2]
A. Patel & M. Kumar, (2013) “A Proposed Model for Data Security of Cloud Storage Using
Trusted Platform Module”, International JournalofAdvanced Research in Computer Science and Software
Engineering, Vol. 3, No.4.
[3]
D.P.D.S. Abburu, (2012). “An Approach for Data Storage Security in Cloud Computing”, IJCSI
International Journal of Computer Science Issues, Vol. 9, No.2.
[4]
M. Almorsy, J. Grundy, & A.S. Ibrahim, (2012, June) “Tossma: A tenant-oriented saas security
management architecture”, In Cloud computing (cloud), 2012 IEEE 5th international conference on (pp.
981-988).IEEE.
[5]
S. Subashini & V. Kavitha, (2010), “A Survey on Security Issues in Service Delivery Models of
Cloud Computing”, JournalofNetwork and Computer Applications, Vol. 34, No.1, pp1-11.
[6]
M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R. Katz, Konwinski, A., ... & M. Zaharia, (2010)
“A view of cloud computing”, Communications of the ACM, 53(4),50-58.
[7]
A. Azeez, S. Perera, D. Gamage, R. Linton, P. Siriwardana, D. Leelaratne, ... & P. Fremantle,
(2010, July), “Multi-tenant SOA middleware for cloud computing”, In Cloud computing (cloud), 2010
ieee 3rd international conference on (pp. 458-465).IEEE.
[8]
D. Banks, J. Erickson, & M. Rhodes, (2009), “Multi-tenancy in cloud-based collaboration
services”, Information Systems Journal. BCG(2012).
[9]
M. Armbrust et al., (2009), “A viewofcloud computing”, Communicationsofthe ACM, 53(4),
p.50. Available at:http://inst.cs.berkeley.edu/~cs10/fa10/lec/20/2010-11-10-CS10-L20-AFCloudComputing.pdf [Accessed July 30,2012].
[10]
S.L. Dinesh Kumar Saini, Yousif,, J.H. Sandhya, & V. Khandage, (2011), “Cloud Computing and
EnterpriseResourcePlanningSystems”,ProceedingsoftheWorldCongressonEngineering,Vol.4.
Related documents
One of the lead activities assigned to ITU-T Study Group... presentation gives an overview on the ongoing work of Study... SG13 Activities and Achievements Related to Cloud Computing
One of the lead activities assigned to ITU-T Study Group... presentation gives an overview on the ongoing work of Study... SG13 Activities and Achievements Related to Cloud Computing
Cloud Based Business Growth Support Processes
Cloud Based Business Growth Support Processes
Security Position
Security Position
Download
advertisement