A New Third Party Architecture For Cloud Computing ...

A New Third Party Architecture For Cloud Computing Security

Shinto Joseph
M-Tech Scholar, Department of Computer Science and Engineering, Christ University, Bangalore, India. Email: [email protected]

Jyothi Thomas
Department of Computer Science and Engineering, Christ University, Bangalore, India

Abstract—In the present-day scenario, when security threats are ever increasing, there is a need to develop high-end security to ensure that the data being transmitted to and stored in the cloud remains intact. This is the motivation behind the current research. Most security architectures currently used by cloud service providers are not efficient enough to handle new-generation security threats, because security is, for the most part, not properly defined. We propose an architecture that differentiates security by means of a third party placed between the client and the server of the cloud. This third-party software carries out vulnerability scanning on the client side and the server side and creates a secure tunnel for data movement. Even if one side is not using this architecture, it can provide a high level of security to a certain extent. This paper mainly focuses on the network and storage domains. With this architecture, the cloud provider and the user need not be much concerned about security issues.

I. INTRODUCTION

Cloud computing deals with gaining access to hosted services over the Internet. These services are generally divided into three types: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). The very elasticity and quick provisioning that cloud computing offers cause various problems for any security architecture [1]. In the current architecture, a third-party auditor verifies the integrity of the data being stored in the cloud. These third-party security measures are not very reliable, as some of the security measures are access control, data encryption, etc. This only ensures the integrity of the data being stored in the cloud. Each of these research efforts aims to develop a security solution for a specific threat, yet such methods are incompatible with cloud services. From the literature survey that we conducted, we understood that there is no standard security architecture for cloud computing. With the present security systems, many attacks take place on cloud servers. To reduce these attacks, a standard cloud computing architecture is essential. This was the driver for us to develop a security-standard cloud computing architecture.

II. THE CLOUD SECURITY CHALLENGES

The cloud computing provider must make available an extremely protected infrastructure and applications to keep users' data protected from unauthorized access by taking some security actions. Some of the cloud computing challenges are discussed below. Cloud computing security challenges are classified into three broad categories:

A. Data protection
Data should be protected from disaster, so we need to use RAID technologies to protect it. We should also protect the data using various encryption technologies.

B. User Authentication
The user should be authorized before accessing cloud technologies. For verification, we can use technologies such as password verification and biometric verification.

C. Data break
A data break is an event in which protected data is stolen by attackers. The compromised information includes a great deal of personal information.

III. SECURITY DOMAINS

Dividing the cloud service and Internet transmission into several security domains, with each domain governed by its respective security policy, can simplify the deployment of solutions. On the client side of the proposed architecture we are concerned only with security in network transmission, but on the server side we must consider the security issues of both network and storage.

A. Network Domain
The network domain is the domain in which data is transmitted. The attacks in the network domain include man-in-the-middle attacks and denial-of-service attacks. To overcome these problems, various protocols such as TLS, SSL and IPsec, and network-based intrusion techniques, could be used [1].

B. Storage Domain
The main threats while data is in storage are unapproved access, data change and theft. Protection mechanisms include encryption and marking data with different access levels to enable access control. Backup techniques, such as a redundant array of independent disks and data recovery, cover against data loss.

Fig. 1. New Architecture For Cloud Computing Security

IV. NEW ARCHITECTURE FOR CLOUD COMPUTING SECURITY

By seriously studying the security issues and challenges faced by cloud computing and the security architectures available, we propose a new architecture for cloud computing. Our security architecture can be divided into a client side and a server side.

A. The client side architecture
The client side architecture includes various components or modules which take some inputs and provide security measures to the client side accordingly. The client side architecture consists of 3 modules.

1) Input Layer: In this layer, inputs are obtained either from users or from automated devices. The input consists of the service type, the network type and the speed. These parameters determine the type of security policy governing the services.

• Service type: The client side architecture itself determines which type of service the user is using, and the proposed architecture can provide security mechanisms accordingly. The service types in the cloud include Software as a Service, Platform as a Service and Infrastructure as a Service. These service types require different types of security services; for example, SaaS requires more security on the database and access control side, PaaS requires more security in transmission, etc.

• Network type: The risk of attack while the service passes through the access network, such as public Wi-Fi or a wired network, depends on the network being used. The risk is relatively high with a public Wi-Fi access network and relatively low with a wired intranet. The cloud service can acquire that value from the terminal location, the IP address range at the user's terminal, or border entities at the access network. Normally, the higher the risk, the stronger the security mechanisms must be.

• Speed: In this layer, users specify the required speed of the network according to their need at that time. If high speed is required, fewer security measures will be used in that service. If the user specifies a normal speed, many security measures will be provided to protect the service offered at that time.

2) Security policy layer: The security policy layer receives the inputs concurrently and produces the security mechanism parameters on the basis of the specified service type, speed and access network type. The security policy layer evaluates those inputs and produces the proper mix of security parameters. These parameters ensure that the security mechanisms protect the service at a reliable security level [1].

3) Security mechanism layer: The security mechanism layer provides appropriate security mechanisms for each domain. As the client side has only the network domain, the security mechanism layer provides various security mechanisms for the network domain [1].

B. The Server side architecture
The server side architecture includes various components or modules which take some inputs and provide security measures to the server side accordingly. The server side architecture consists of 3 modules.

1) Vulnerability scanner: A vulnerability scanner is a plugin that performs the analytical phase of a vulnerability examination. It is also known as vulnerability assessment. Vulnerability analysis defines, identifies and classifies the security holes (vulnerabilities) in a computer, server, network or communications infrastructure.
A vulnerability scanner relies on a database that contains all the information required to check a system for security holes in services and ports, differences in packet construction, and possible paths to exploitable programs or scripts. The scanner then tries to exploit each vulnerability that is revealed.

2) Security Policy: After the vulnerability scanner finds the vulnerabilities in the project, the policy layer creates suitable security mechanisms to protect the cloud in the network and storage domains according to the threats detected by the vulnerability scanner. As on the client side, the security policy layer chooses the security mechanisms for the network and storage domains.

3) Security mechanism layer: The security mechanism layer provides appropriate security mechanisms for each domain. As the server side contains the network and storage domains, this layer should provide security mechanisms for both network and storage.

V. CONCLUSION

The proposed architecture offers the advantage of a third-party architecture for cloud computing security, which enhances security on both the server and the client side. This architecture also divides security into network and storage domains, and provides different security mechanisms for each layer. The specialty of the architecture is that even if it is installed on only one of the sides (client or server), it can provide security to a certain extent. A new architecture can be proposed in order to take care of the low level of security at high network speed. This architecture is of great importance as the security threats to cloud computing increase day by day.

ACKNOWLEDGMENT

The authors would like to acknowledge the contributions of Ramesh Shahabadker and Bijeesh tv. This work was supported by the Department of Computer Science and Engineering, Christ University.

REFERENCES

[1] Jianyong Chen, Yang Wang and Xiaomin Wang, "On-Demand Security Architecture for Cloud Computing," IEEE, July 2012.
[2] H. Takabi, J.B.D. Joshi, and G.J. Ahn, Security and Privacy Challenges in Cloud Computing Environments, Computer, June 2010, pp. 24-31.
[3] S. Subashini and V. Kavitha, A Survey on Security Issues in Service Delivery Models of Cloud Computing, J. Network and Computer Applications, vol. 34, no. 1, 2011, pp. 1-11.
[4] C. Wang et al., Toward Publicly Auditable Secure Cloud Data Storage Services, IEEE Network, vol. 24, no. 4, 2010, pp. 19-24.
[5] Q. Wang et al., Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing, IEEE Trans. Parallel and Distributed Systems, vol. 22, no. 5, 2011, pp. 847-859.
[6] L.K. Hu, S. Yi, and X.Y. Jia, A Semantics-Based Approach for Cross Domain Access Control, J. Internet Technology, vol. 11, no. 2, 2010, pp. 279-288.
[7] G. Pallis, Cloud Computing: The New Frontier of Internet Computing, IEEE Internet Computing, vol. 14, no. 5, 2010, pp. 70-73.
[8] R.P. Lua and K.C. Yow, Mitigating DDoS Attacks with Transparent and Intelligent Fast-Flux Swarm Network, IEEE Network, vol. 25, no. 4, 2011, pp. 28-33.
[9] V.H. Pham and M. Dacier, Honeypot Trace Forensics: The Observation Viewpoint Matters, Future Generation Computer System Intl J. Grid Computing and E-science, vol. 27, no. 5, 2011, pp. 539-546.
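The client-side input and security policy layers of Section IV-A can be sketched as follows; this is an added example, not code from the paper or its authors. The address ranges, the mechanism names, the function names and the concrete rules are assumptions, since the paper names the three inputs but gives no values; in particular, keeping TLS as a floor at high speed is a design choice made here to address the weakness the conclusion notes.

```python
import ipaddress

# Assumed address plans (constructed): the paper gives no concrete ranges.
INTRANET = [ipaddress.ip_network("10.0.0.0/8")]          # wired intranet
PUBLIC_WIFI = [ipaddress.ip_network("203.0.113.0/24")]   # known public hotspot range

def network_risk(client_ip):
    """Input layer: derive access-network risk from the terminal's IP address range."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in INTRANET):
        return "low"
    if any(ip in net for net in PUBLIC_WIFI):
        return "high"
    return "medium"  # unknown network: never treated as trusted

def select_network_mechanisms(service_type, client_ip, speed):
    """Security policy layer: turn the three inputs into network-domain mechanisms."""
    if service_type not in ("SaaS", "PaaS", "IaaS"):
        raise ValueError(f"unknown service type: {service_type!r}")
    if speed not in ("normal", "high"):
        raise ValueError(f"unknown speed: {speed!r}")
    risk = network_risk(client_ip)

    mechanisms = {"TLS"}              # assumed floor: transport encryption is never dropped
    if risk in ("medium", "high"):
        mechanisms.add("NIDS")        # network-based intrusion detection (assumed name)
    if risk == "high" or service_type == "PaaS":
        mechanisms.add("IPsec")       # PaaS needs more security in transmission
    if speed == "high":
        mechanisms.discard("NIDS")    # fewer measures at high speed, encryption kept
    return sorted(mechanisms)

if __name__ == "__main__":
    samples = [("SaaS", "10.1.2.3", "normal"),      # constructed inputs
               ("SaaS", "203.0.113.7", "normal"),
               ("SaaS", "203.0.113.7", "high"),
               ("PaaS", "198.51.100.9", "high")]
    for args in samples:
        print(args, "->", select_network_mechanisms(*args))
```

The returned list is what the security mechanism layer would then enable for the network domain.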
