A catalog record for this book is available from the British Library. Additional hard and PDF copies can be obtained from [email protected].
Cloud computing security: concepts and practice
Inherent dualities in the cloud computing phenomenon spawn diverse strategies for cloud computing success.
Introduction
Types of service models
Platform as a service (PaaS)
Thus, it provides access to the runtime environment for application development and deployment tools. Here, the developer has no access to the underlying operating system and hardware layers, but can simply run and deploy their own applications.
Infrastructure as a service (IaaS)
This platform facilitates the ecosystem for programmers/developers to create, test, run and manage applications.
Types of deployments
Public cloud
Private cloud
Hybrid cloud
The availability of these predefined services to the end user depends on the service model. Moreover, since most of the valuable data is transferred to the cloud, it is difficult to maintain its integrity, which compromises overall data security.
Vulnerabilities and threats
- Data breaches/data loss
- Denial of service attacks/malware injection
- Account hijacking
- Inadequate change control and misconfiguration
- Insecure interfaces and poorly implemented APIs
- Insider threats
- Insufficient credentials and identity/compromised accounts
- Weak control plane/insufficient due diligence
- Shared vulnerabilities
- Nefarious use or abuse of cloud services
- Lack of cloud security strategy/regulatory violations
- Limited cloud usage visibility
The recent growth and easy adoption of cloud services by organizations leads to a whole new set of issues related to account hijacking. Intruders exploiting vulnerabilities in cloud computing resources can target a user's resources at the cloud provider to host malware activity.
Literature review
The cloud server must be equipped with the latest hardware and software to prevent such a problem. Allegedly, this threat can affect the data stored on the cloud server, which is certainly a serious threat.
Methodology
As the user begins to use the resources in the cloud, mutual authentication is initiated between the cloud application and the user. If there is an attack on the cloud service, how will the server fend off those attacks?
Existing cloud security solutions
Using public cloud capacity dynamically increases the bandwidth of the shared pipeline for the duration of a DDoS attack; it starts shortly after the attack is discovered and lasts until mitigation begins, protecting the internal infrastructure from the attack and from its impact on the delivery of online services. Combining on-premise and cloud security gives broader security coverage that is easier to achieve.
Proposed DDoS solution
In hybrid solutions, another option is to use the DDoS mitigation provider's dedicated capability to detect and block multiple DDoS vectors. The typical response during a DDoS attack is that all site traffic is diverted to the DDoS mitigation provider's cloud, where it is scanned, scrubbed using attack traffic diagnostics, and the attack traffic removed before the clean traffic is redirected over the backbone to the enterprise data center.
Performance analysis
- Single-tier network architecture
- Three-tier network architecture
- Comparing single- and three-tier architectures
- Single-tier logs and data analysis
- Three-tier logs and data analysis
- Result analysis
Results for the single-tier architecture obtained before and during the DDoS attack are presented in Figure 15. Results for the three-tier architecture obtained before and during the DDoS attack are presented in Figure 17.
Conclusion
The authors provide a comprehensive overview of cloud computing security issues in the Internet of Things era. Is it ever necessary to duplicate the largely conflict-free world of things in the world of cloud computing?
Methodologies
We try to look at the situation related to the use of cloud computing from a broader angle by introducing another add-on: the general methodological system-structural design and prospecting ([1], p. 103). The Vedanta scheme characterizes the Indian type of tradition (methodological thinking as actually “understanding”), the mimansa scheme is the Tibetan type (conceptual or “content” thinking), and the Vaisheshika scheme is the new European type.
Results and discussion
Preliminary data
Limitations
We limited ourselves to a fraction of the set of publications on cloud computing and its security, taking into account only those works that were carried out in the Moscow Methodology Circle [34] in relation to systems and methodology [1].
Conclusions
The emergence of the Internet of Things (IoT) and edge computing as a new paradigm creates the potential for increased productivity, but at the same time opens up new opportunities for cyber-attacks, while systems remain exposed to existing attack vectors such as the well-known distributed denial of service (DDoS) attack, which can take many forms. The popularity of HTTP, developed at CERN in the late 1980s, led to the widespread use of the term.
The structure of the Internet: security from the data centre to the edge
There is a proverb in the English language that says that a chain is only as strong as its weakest link.
WAN technologies—circuit-based communications
We start by briefly reviewing the architecture of communication over the Internet and later consider the new challenges that arise from operating the hardware with values of voltage, frequency and current that enable greater energy efficiency.
Packet communications
The definition of the fields in the header (and trailer, if present) and the functionality associated with each field define the protocol.
From cloud to edge to fog computing
Cyber security at the edge
General attack vectors
The operating system (OS) is the fundamental software layer upon which the rest of the system software is built. It is recommended to use an encrypted VPN tunnel between the edge server and other elements of the network to counter such attacks.
Physical attacks and countermeasures for edge deployments
These attacks target information leakage from the system and are primarily concerned with discovering secret information such as encryption keys that support modern cryptographic processing. The transient nature of target errors means that an attack can be attempted multiple times and the attack can evolve.
Conclusions
Develop a framework for securing the deployment of cloud-hosted services in a way that ensures tenant isolation. Present recommendations and best practice guidance for securing the deployment of cloud-hosted services based on the framework.
Cloud computing security
Cloud computing
Motivated by this problem, this study presents a framework, CLAMP (Cloud-Based Architectural Approach to Service Provisioning through Multi-tenancy Deployment Models), to ensure the deployment of cloud-hosted services in a way that guarantees isolation between tenants. The research question addressed in this study is: "How can we ensure the deployment of cloud-hosted services in a way that guarantees isolation between tenants?"
Cloud security
Architectures for cloud-hosted services
Architectural patterns
Multitenancy in a cloud environment
Degrees of multitenancy isolation
A high degree of isolation can be achieved by deploying an application component exclusively to one tenant.
Implementation of multitenancy isolation
The degree of isolation between tenants accessing a shared application component can be expressed in three patterns of multitenancy (i.e., shared component, tenant-isolated component, and dedicated component). Multitenancy can be implemented at different levels of the cloud stack: the application layer [16], the middleware layer [19] and the data layer [20, 21].
Related work on cloud security
Customization has been suggested as a solution to address the hidden limitations of multitenancy, such as complexity, security, scalability, and adaptability [22]. Again, most of the solutions available to incorporate multitenancy require some degree of redesign of the cloud service [17, 23].
Framework for securing the deployment of cloud-hosted services for guaranteeing multitenant isolation
Developing the CLAMP framework
It shows how the components of the framework work together to support the task of ensuring the deployment of components of a cloud-hosted service to guarantee multi-tenant isolation. In short, the procedure for implementing the framework can be summarized with the following four steps: (i) Select the appropriate deployment models (one or a combination of several models), (ii) Evaluate the effect of different degrees of isolation on the service hosted in the cloud, (iii) Analyze the deployment requirements of new optimized services.
Developing a security checklist for deployment of cloud-hosted services
In addition to the framework, CLAMP, we develop a security checklist to guide
Therefore, it is important for software architects to be able to control the required degree of isolation between tenants that share components of a cloud-hosted application. For example, deploying an application component specifically for one tenant will achieve a high degree of isolation.
Evaluation of framework for securing the deployment of cloud-hosted services
Motivating scenario
This would reduce resource consumption and operating costs, but the performance of other components may be affected when one of them experiences a change in workload. This is a decision problem: the architect must trade off a lower degree of isolation, with the possible interference between components, against a higher degree of isolation, with its higher resource consumption and component operating costs.
Applying the CLAMP framework
What is the required level of isolation between tenants accessing the components of the cloud-hosted service? The most important task in step four is to optimize the deployment of components of the cloud-hosted service.
Applying the security checklist
Discussions and recommendations
- Assurance for compliance with legislation and regulatory requirements
One of the challenges of implementing cloud security is to provide assurance
- Customizability of the cloud-hosted services and supporting process
Customising a cloud-hosted GSD tool (or any cloud-hosted service) can be very
- Errors and sensitivity to workload interference
- Tagging components with the required degree of isolation
This could affect the security of the cloud hosting system in a way we did not expect and thus the degree of tenant isolation that was required. One of the challenges of securing the deployment of a cloud-hosted service is how to handle such cloud-hosted services that have various interdependencies with other service elements with which they interact.
Concluding remarks
In: Proceedings of the 2nd International Workshop on the Quality of Service-Oriented Software Systems; ACM.
Knowledge representation: ontology design
As an illustration of the ontology creation process, Figure 1 below shows a design pattern for the "Nuclear Training Center" ontology type used in the project [4]. The RDF browser is another important attribute of the project [4], which distinguishes it from other known solutions in the field of the Semantic Web.
Inductive reasoning in knowledge graphs
Let the student know only the title of the training course: "Physics of the atomic nucleus and particles" and the name of the professor: "I.M. The right side of Figure 5 shows the metadata for the object named "Physics of the atomic nucleus and particles".
Knowledge acquisition: context-sensitive search
By continuing inductive reasoning for the object "Department of Physics, MSU" with the property "includes" and/or reasoning for the object "Physics of Nucleus and Particles" with the property "contains video", the student will be convinced of the validity of Hypothesis 1 and obtain the solution for Task 1; see Figure 7 below. It is possible to view the detected video lectures without leaving the RDF browser workspace, simply by clicking on the corresponding icon in the metadata area for the object named "Lecture 1.
Search context
Users are not always comfortable managing the context of the search, refining and directing the search. The results of the work of the regular search engines are a kind of "raw material".
Relevance, pertinence, and metrics
For the purposes of this article, the relevance of the snippet is the measure of the match between the snippet and the query text. The algorithm for calculating the relevance of one particular fragment is as follows.
Knowledge graphs enrichment: semantic annotation
Selection of network resources for semantic annotation: 1 – workspace for entering and editing network addresses (URLs) to be annotated; 2 – setting options and loading results of the context-sensitive search; 3 – the most relevant results of the context-sensitive search.
Related work and conclusion
All results of the work can be saved in files on the user's computer for later study.