International Journal Of Recent Advances in Engineering & Technology (IJRAET)
ISSN (Online): 2347-2812, Volume-1, Issue -3, 2013 9
MITIGATING CLOUD VIRTUALIZATION VULNERABILITIES
SM Bansode
Asst Prof CSE Dept, SGGSIET, Nanded Email : [email protected]
Abstract- Cloud computing has recently brought major changes to people's lifestyles and working patterns because of its many benefits. However, the security of cloud computing remains a concern for cloud customers. In this paper, the virtualization vulnerabilities of the cloud multiple-tenancy model are discussed, and some security strategies for relieving the common security issues are summarized.
Keywords: Cloud computing; multiple-tenancy model; virtualization
I. INTRODUCTION
The main idea of cloud computing is to build a virtualized pool of computing resources by centralizing abundant network-connected computing resources, and to deliver infrastructure, platform and software as services.
The Cloud Multiple-Tenancy Model
Multiple-tenancy [1, 3, 11] is an important functional characteristic of cloud computing: it allows multiple applications from cloud service providers to run concurrently on one physical server and offer cloud services to customers, as shown in Figure 1. The physical server partitions and processes the demands of different customers using virtualization. By running multiple virtual machines (VMs) [1] on a physical machine, virtualization enables computing resources such as processor, memory, storage and I/O to be shared among different customers' applications, and improves the utilization of cloud resources. The technical difficulties of the multiple-tenancy model include data isolation, architecture extension, configuration self-definition and performance customization. Data isolation means that the business data of different customers do not interfere with each other [4, 5]. Architecture extension means that multiple-tenancy should provide a basic framework that offers high flexibility and scalability. Configuration self-definition means that cloud computing should support each customer's own demands on the configuration of its service platform. Performance customization means that cloud computing should satisfy different customers' demands on the performance of the multiple-tenancy platform under different workloads.
Figure 1: Cloud environment
II. VIRTUALIZATION VULNERABILITIES
Single server
Virtual machines run on a single server, which poses serious security problems. The virtual machine monitor should be 'root secure', meaning that no privilege within the virtualized guest environment permits interference with the host system [2, 4]. Some vulnerabilities have been found in all virtualization software that can be exploited by malicious local users to bypass certain security restrictions or gain privileges. For example, the vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or on another guest operating system; that is, a vulnerability in Virtual PC and Virtual Server could allow elevation of privilege. Properties such as isolation have yet to be completely achieved.
Ease of reconfiguration
VMs can be reconfigured, restarted and moved to other servers [6, 8, 9]. This ease of reconfiguration creates an optimal environment for propagating vulnerabilities and unknown configuration errors.
Dormant machines
In public-cloud environments, when a VM is offline it is still available to any application (for example, a Web server) that can access the physical server on which it resides [7, 10, 11]. So a remote user on one VM can access another, dormant VM if both reside on the same physical server. Because dormant machines cannot perform malware scans, they are highly susceptible to malware attacks. Exploitation of this vulnerability is not restricted to the VMs on a particular hypervisor; the attack can also affect other physical devices in the cloud. For example, a dormant machine might have been backed up or archived to another server or storage device.
Patch management
In cloud computing, patch management is done by the user [9, 10, 12]. Adversaries can easily take this opportunity to attack unpatched VMs.
Cross-VM information leakage
This is the ability of a malicious instance to use side channels to learn information about co-resident instances.
III. MAPPING PLACEMENT
Some of the risks are self-evident and relate to the new trust relationship between customer and cloud provider. For example, customers must trust their cloud providers to respect the privacy of their data and the integrity of their computations. It is conceivable that a customer's VM could be assigned to the same physical server as their adversary. This may create a new threat that violates customer confidentiality.
Using the Amazon EC2 service as a case study, [1] shows that it is possible to map the internal cloud infrastructure, identify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target. Such placement can then be used to mount cross-VM side-channel attacks that extract information from a target VM on the same machine.
Cache based side channel
Extracting cryptographic secrets via cache-based side channels is discussed in [1]. In the context of third-party compute clouds such attacks would be extremely damaging, and since the same hardware channels exist there, they are fundamentally just as feasible.
Measuring cache usage
An attacking instance can measure the utilization of the CPU caches on its physical machine. These measurements can be used to estimate the current load of the machine.
Cache-based covert channel
Cache load measurements create very effective covert channels between cooperating processes running in different VMs.
IV. MITIGATING THE RISK
In this paper, we argue that risks arise from sharing physical infrastructure between unknown users. Some approaches for mitigating this risk are suggested below.
In the multi-tenancy model, the most basic form of security involves monitoring the network, files, OSs, physical devices and so on, together with log inspection. As in traditional data centers, monitoring system integrity and evaluating log files provide a critical layer of defense. Because end users might develop applications to be hosted on their VMs, the cloud service provider must provide a well-formed process to monitor network and system integrity. Such monitoring can alert the service provider to unexpected changes that could indicate malicious activity. Similarly, log inspection provides insight into OS and application security events. By optimizing log inspection rules, the cloud provider can ease the detection of suspicious behavior and ensure timely awareness of such events.
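As an added illustration of the integrity monitoring and log inspection described above (example code written for this edit, not taken from the paper or any cited system), the following Python builds a file-hash baseline for a tenant VM and applies two simple inspection rules to syslog-style lines. All file paths, file contents, host names and log entries are constructed for the example.

```python
import hashlib
import re
from collections import Counter

# Constructed "known good" file contents for a tenant VM (hypothetical, not real system files).
BASELINE_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
}

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def build_baseline(files):
    """Record a SHA-256 digest per monitored file; this is the integrity baseline."""
    return {path: sha256(content) for path, content in files.items()}

def check_integrity(baseline, current):
    """Compare current file contents against the baseline; returns (path, finding) pairs."""
    findings = []
    for path, digest in baseline.items():
        if path not in current:
            findings.append((path, "missing"))
        elif sha256(current[path]) != digest:
            findings.append((path, "modified"))
    findings += [(p, "unexpected") for p in current if p not in baseline]
    return findings

# Constructed syslog-style lines (documentation IP ranges, not captured from a real host).
SAMPLE_LOG = """\
Jan 10 10:00:01 vm-a sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 4455 ssh2
Jan 10 10:00:02 vm-a sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 4456 ssh2
Jan 10 10:00:03 vm-a sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 4457 ssh2
Jan 10 10:00:09 vm-a sshd[1210]: Accepted publickey for deploy from 203.0.113.5 port 5011 ssh2
Jan 10 10:01:00 vm-a sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash
"""

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password .* from (\S+) port")
SUDO_SHELL_RE = re.compile(r"sudo: (\S+) : .*USER=root ; COMMAND=/bin/(?:ba)?sh$")

def inspect_logs(text, threshold=3):
    """Two inspection rules: SSH password-guessing bursts per source and root shells via sudo."""
    alerts, failures = [], Counter()
    for line in text.splitlines():
        if (m := FAILED_RE.search(line)):
            failures[m.group(1)] += 1
        elif (m := SUDO_SHELL_RE.search(line)):
            alerts.append(("root_shell_via_sudo", m.group(1)))
    alerts += [("ssh_bruteforce", src) for src, n in failures.items() if n >= threshold]
    return alerts
```

In a provider deployment the baseline would be taken from a freshly provisioned image and the log rules tuned per tenant, as the text suggests.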
Second, cloud providers may obfuscate both the internal structure of their services and their placement policy to complicate an adversary's attempts to place a VM on the same physical machine as its target. Providers might also inhibit network-based co-residence checks. However, such approaches might only slow down, and not entirely stop, a dedicated attacker.
Alternatively, a user might insist on using physical machines populated only with their own VMs and, in exchange, bear the opportunity cost of leaving some of these machines under-utilized.
Thirdly, since cloud services are built over the Internet, any issue related to Internet security will also affect cloud services. Resources in the cloud are accessed through the Internet; consequently, even if the cloud provider focuses on securing the cloud infrastructure, the data is still transmitted to users over the Internet, which may be insecure. As a result, Internet security problems have an impact on the cloud. Moreover, cloud risks are more dangerous because of the valuable resources stored in the cloud and its own vulnerabilities. Encryption techniques and secure protocols alone are not sufficient to protect data transmission in the cloud. Intrusion into the cloud over the Internet by hackers and cybercriminals needs to be addressed, and the cloud environment needs to be secure and private for clients.
REFERENCES:
[1] T. Ristenpart, E. Tromer, H. Shacham, S. Savage, "Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds," in CCS '09: Proceedings of the 14th ACM Conference on Computer and Communications Security, ACM, New York, NY, USA, 2009, pp. 103–15.
[2] M. Armbrust, A. Fox, R. Griffith, et al., "Above the clouds: A Berkeley view of cloud computing," Technical Report UCB/EECS-2009-28, EECS Department, University of California, Berkeley, February 2009.
[3] F. Lombardi, R. Di Pietro, "Secure virtualization for cloud computing," Journal of Network and Computer Applications, Elsevier, 2009.
[4] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, M. Zaharia, "Above the Clouds: A Berkeley View of Cloud Computing," Technical Report No. UCB/EECS-2009-28.
[5] J. Che, Y. Duan, T. Zhang, J. Fan, "Study on the security models and strategies of cloud computing," 2011 International Conference on Power Electronics and Engineering Application, ISSN 1877-7058, Elsevier Ltd., 2011.
[6] S. Subashini, V. Kavitha, "A survey on security issues in service delivery models of cloud computing," Journal of Network and Computer Applications, ISSN 1084-8045, Elsevier, 2010.
[7] H. Takabi, J. B. D. Joshi, G. J. Ahn, "Security and Privacy Challenges in Cloud Computing Environments," Computer, June 2010, pp. 24-31.
[8] M. Green, "The Threat in the Cloud," Johns Hopkins University Crypto Corner, IEEE, 2010.
[9] L. M. Kaufman, B. Potter, "Can Public Cloud Security Meet Its Unique Challenges? It All Depends," July/August 2012, ISSN 1540-7993, IEEE.
[10] H. Takabi, J. B. D. Joshi (University of Pittsburgh), G.-J. Ahn (Arizona State University), "Challenges in Cloud Computing Environments," IEEE, November/December 2010.
[11] M. Zhou, R. Zhang, W. Xie, W. Qian, A. Zhou, "Security and Privacy in Cloud Computing: A Survey," IEEE, 2010.
[12] J. Steven (ed.), "A Security Architecture Stack for the Cloud," Building Security In, IEEE, September/October 2010.