IJCST Vol. 3, Issue 4, Oct - Dec 2012

ISSN : 0976-8491 (Online) | ISSN : 2229-4333 (Print)

Understanding Shared Technology in Cloud Computing and Data Recovery Vulnerability

1Tribikram Pradhan, 2Mukesh Patidar, 3Keerthi Reddy, 4Asha A

1,2,3,4Software Technology, School of Information Technology and Engineering (SITE), VIT University, Vellore, Tamil Nadu, India

Abstract
Cloud computing is a virtualization technology that shares a pool of computer resources. Cloud is an emerging technology which combines the features of traditional computing technology with networking technologies such as parallel, distributed or grid computing. Cloud computing is a new version of internet evolution which can handle a large number of customers at a time by sharing resources over the internet. Data owners can remotely store their data in the cloud and enjoy cloud characteristics such as on-demand self-service, resource pooling, rapid elasticity, ubiquitous network access and measured service. Vulnerability is an important risk factor in cloud computing: a vulnerability is exploited by a threat, causing harm to the system. Cloud vulnerabilities include unauthorized access to the management interface, internet protocol vulnerabilities, data recovery vulnerability, and metering and billing evasion. A management interface is required for the on-demand characteristic of cloud computing, so unauthorized access to the management interface is an issue. Cloud services are accessed over the internet using standard protocols that are untrusted, so network vulnerabilities are relevant to cloud computing. Cloud is pay-per-use, that is, the services we use are metered. This paper focuses on the data recovery vulnerability, which arises from the cloud characteristics of resource pooling and elasticity of resources: a resource allocated to one user is reallocated to a different user at a later time. The solution presented here consists of strong access control, authentication for administrative access and operations, vulnerability scanning, complete deletion of the user's data after usage, evaluation of the unauthorized environment, a strong service level agreement for vulnerability remediation, and strong encryption of the data.

Keywords
Cloud Computing, Eucalyptus, Security, Privacy

I. Introduction
Cloud is an emerging technology which combines the features of traditional computing technology with networking technologies such as parallel, distributed or grid computing. Virtualization provides a pool of resources for computing. It can handle a large number of customers at a time by sharing resources over the internet. The cloud deployment models include private, public and hybrid cloud. Customers who enter into an agreement with the vendor, called a service level agreement, can use the cloud features and services for private or personal use. The architecture of cloud computing is categorized into three delivery models, namely Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). Web browser security is very important in SaaS because SaaS applications are accessed through the web browser over the internet. Virtual machines have a vital role in PaaS, so virtual machines have to be protected from malicious attacks such as cloud malware. There are various security issues in cloud, namely data security, network security, availability, confidentiality, integrity and long term viability. In cloud computing, clients' data is stored on virtual servers across national borders; clients have no control over their sensitive data and are unaware of where the data is stored, so data privacy and data security are major issues. Security is provided in cloud by data protection through auditing. The providers have their own identity management systems to control access to information and computing resources.

A. Service Level Agreement
The first part of this paper focuses on how to standardize the Service Level Agreement (SLA) and puts forward some security problems that can be included in the SLA. In cloud computing the customer or client has no control over their sensitive data, so data security is a problem. Clients are not aware of where their data is stored and where their processes are running. The standardization of SLAs handles the following security issues: privileged user access, regulatory compliance, data location, data segregation, recovery, investigative support and long term viability. The legal action to take if the customer misuses the services is also included in the SLA.

The paper [1] focuses on how to standardize the SLA and puts forward security problems that can be included in it. In a service level agreement the vendor provides only some assurance. It is an agreement between the customer and the service provider, through which the provider can gain the trust of the client.

The information security requirements [2] are coupled with the cloud computing deployment model and delivery model. The delivery models include private cloud, public cloud and hybrid cloud.
The deployment models include IaaS, PaaS and SaaS, and the information security requirements include availability, identification and authentication, non-repudiation, integrity and confidentiality. One of the important security issues [3] is data security, which covers availability (the user can use the data at any time), data integrity (no one can modify the data) and data confidentiality (only legitimate persons can access the data). According to the Cloud Security Alliance [3], the life cycle of data security includes the processes create, store, use, share, archive and destruct. Data stored in the cloud faces many risks, such as unauthorized access and data tampering by malicious cloud service providers and network intruders. The data security requirements include data encryption (encrypting data stored in the cloud minimizes the risk of information leakage), data integrity protection (proving that no changes have occurred in the data) and availability, which the provider should ensure: since cloud data is stored on different devices, a failure of any device can cause data loss.


B. Cloud Issues
The various cloud computing issues [4] mainly concern the security of customer data: since user data is completely distributed in the cloud, there is a great chance that industrial hackers leak sensitive data. Based on the computing task submitted by the user, an attacker can analyze the critical task and may leak sensitive data while the user is accessing the cloud service. To improve reliability, availability and security [5] in cloud, the provider must consider the following factors: access control and availability management, vulnerability and problem management, patch and configuration management, countermeasures against security problems, and monitoring of unauthorized access in the cloud environment. Gartner's seven security issues are privileged user access, regulatory compliance, data location, data segregation, recovery, investigation support and long term viability. The implementation of solutions to security issues includes avoidance, detection, prevention and recovery, which assure that clients' data in the cloud is approximately protected. Cloud also faces distributed denial of service (DDoS), where a huge flood of packets is sent to a web server, but the flexibility of cloud resists it up to an extent. The countermeasures against these attacks include controlling access to information, managing user access rights, encouraging good access practices, and controlling access to network services, operating systems, and applications and systems.

C. Hypervisor
A hypervisor is one of many virtualization techniques [6] which allow multiple operating systems, termed guests, to run concurrently on a host computer, a feature called hardware virtualization. Virtualization is enabled by a hosting operating system that supports multiple isolated and virtualized guest operating systems on a single physical server; all of them run on the same operating system kernel, which has exclusive control of the hardware infrastructure.
The hosting operating system has visibility and control over the VMs. This approach is simple but it has vulnerabilities. With the transformation of domestic ISPs, new requirements were proposed, including content integration, cross boundary storage, magnanimity and centralized storage [7]. With business diversification focused on the need for shared storage, especially as terminals expand, cloud storage appears to be a good solution. Enterprises that implement cloud computing [9] by expanding their on-premise infrastructure should be aware of the security challenges faced by cloud computing. Security threats [11] in cloud include insider threats, outside malicious attacks, data loss, service disruption, multitenancy and loss of control. An insider threat arises when the organization does not have knowledge of the standards and mechanisms used by the provider. By network tapping, a hacker can access sensitive data. Through the SLA, users can have availability of resources. Performance can be increased by active monitoring. An Intrusion Detection System with SMTP and SNMP can be used to trace malicious insider attacks. Honeypots along with a strong AAA system should be deployed, which makes it difficult for outside attackers to break through. Service disruption can be overcome by two factors: the authentication method, and ensuring that connections are made only from known IP ranges and DNS names. For maintaining software and hardware, the security issues [12] to be considered are inside threats, access control and system portability. Through virtualization technology an attacker can easily attack by modifying the hypervisor in the host operating system. Data encryption is done through SSH tunneling and VPN methods. To protect against security issues of the physical system, customers should back up their data before it is sent to the cloud. Firewalls should be installed in systems in order to prevent DoS and DDoS attacks. Some of the security issues [13] faced by organizations are system security for server and database, networking security and user authentication. User authentication is strengthened by Single Sign On (SSO) and Identity and Access Management (IAM) mechanisms. HTTPS and Secure Shell (SSH) protocols can be used to access the information. Whenever an organization wants to transmit highly confidential data, it has to choose an IaaS-based cloud computing service. To keep track of authentication mechanisms [14], a bilinear pairing method is used, but it is difficult to implement because of the complexity of its mathematical model. The processing and movement of data is captured by security capture devices, which are applicable in small scale cloud computing environments. A Declarative Secure Distributed System (DS2) network protocol is developed using the RapidNet declarative networking engine and is specified through Secure Network Datalog (SeNDlog). Security issues such as insider access, visibility, risk management, client side protection, server side protection, access control and identity management are to be addressed. The Transparent Cloud Protection System (TCPS) is used to provide integrity: it monitors the guests' integrity while keeping virtualization and transparency. Obfuscation and de-obfuscation services are provided by a privacy management tool for user-centric design and feedback facility. Various security issues [15] include authentication, identification, availability, policy integration, and audit and access control. To address these security issues, an access control method is used.
Role Based Access Control (RBAC) is used to provide secure access control. RBAC defines the Cloud User Role Assignment (CURA) and Role Permission Assignment (RPA) algorithms. A Cloud Privacy Label is used to prevent access to information by unauthorized users. In a private cloud [16], storing data between on-premise storage products and the public cloud requires Nirvanix hNode. Using a private cloud increases availability. Scalability is achieved by virtualization and automated management techniques. A routing table in the central server contains information such as cloud id, server id and user id. Whenever a user sends a request and the central server sends a response, those transactions are recorded in the routing table. Several factors of virtualization in cloud [17] have maximized the security risks of cloud implementation. Several companies have started research on eliminating the risk factors involved in the virtualization of cloud computing. Risks associated with virtualization are resource access control, the risk of DoS attacks, the virtualization platform in building the network, and the virtualization platform's security management. Unifying resources makes it difficult to monitor each specific change. By giving each user access to a directory, user access and resource allocations can be monitored. A security monitoring mechanism is established for each VM to better monitor security. The risks of virtualization can be reduced by encrypting data, performing a security check of the client with the server, and monitoring resources on the platform. Risks [18] include risks for a company introducing cloud computing, risks for the cloud service provider, risk transference, risk mitigation, risk acceptance and risk avoidance. The customer has to agree to various terms and conditions at system level, operation level and maintenance level provided by the cloud provider. The customer has to compromise on very important terms such as authentication and secured data protection when moving to cloud. The provider always carries the risk of data being hacked, for which the provider is responsible. The provider has to make sure the services are up and running as agreed. Other risk factors include data disaster, network disaster and network performance. Risk transference concerns to whom the resolution of a risk should be assigned when the risk arises for the customer. For example, when the customer has issues with security management, the provider has complete responsibility for solving the issue; in this case the risk is transferred to the provider by the customer. Risk mitigation is where the service provider's specifications are adjusted in ways that are not in the initial terms. Risk acceptance is based on external conditions such as law, and is agreed by both provider and consumer. These are risks based on differing specifications between provider and consumer; the user or provider has to negotiate a solution. Providers [19] use Virtual Private Networks (VPN) because they maintain the same bandwidth and reduce cost. Service Oriented Architecture (SOA) is maintained to achieve good quality of service. To ensure security properties such as confidentiality, integrity and availability, the cloud provider should adopt data encryption, access control and backup techniques. Several technologies [20] responsible for cloud implementation, such as VMs and multitenancy, have their own risk factors. Much research is under way on providing greater security solutions for data in the cloud. As cloud involves multiple domains, providers are responsible for security and trust across all the domains on which the user has data.

II. Cloud Computing Delivery Models
Cloud computing architecture is classified into three delivery models, namely Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).

Fig. 1: Cloud Delivery Model

A. Software as a Service (SaaS)
Software as a service is enabled by the presence of infrastructure as a service; the user accesses SaaS using a web browser over the internet, so web browser security is important. Providers of SaaS include the Salesforce Customer Relationship Management (CRM) system and the Google office productivity applications. It is mainly used in business processes and industry applications. Application software is licensed for use as a service and provided to customers on demand. It is mainly for web applications. To enforce data protection, the available options include web service security, data encryption and Secure Sockets Layer. Here clients use the provider's application through the internet.

B. Platform as a Service (PaaS)
Platform as a service provides users or developers with a platform for developing, testing, deploying and hosting web applications. It mainly provides a web application environment. Here the virtual machine should be protected against cloud attacks such as cloud malware, since the virtual machine acts as a catalyst in PaaS. It is therefore important to check authentication and maintain the integrity of the application while transferring data across the network. It mainly deploys the customer's application to the cloud.

C. Infrastructure as a Service (IaaS)
Infrastructure as a service is also called hardware as a service. For a pay-per-use fee, the cloud computing vendor's dedicated resources are shared by the contracted clients. This layer benefits enterprise users because they do not need to invest in building and managing information system hardware. It includes renting processing, data storage and networking.

D. Cloud Deployment Models
The cloud deployment models mainly include private cloud, public cloud, hybrid cloud and community cloud. Private cloud is owned and operated by the enterprise. Public cloud is set up within the organization's own datacenters. Because of its specified internal exposure it is easy to ensure security. Public cloud is sold to the public and has a large scale infrastructure. Users can access the cloud using a web browser, and it is based on a pay-per-use model. Security is the main issue here: since so many users are accessing the cloud, it may be subject to malicious attack. Hybrid cloud is a combination of two or more clouds, that is, a mix of private and public cloud. It provides security to data and applications and allows others to access the cloud over the internet. Community cloud supports a specific community that shares common concerns.

Fig. 2: Cloud Deployment Model

Information security requirements in cloud
Identification and authentication: to provide protection, the cloud vendor verifies and validates the user, mainly using a password and username. Authorization is done in a private cloud by the system administrator; it is to maintain referential integrity. Confidentiality is to maintain users' data stored in a distributed database; it is very important in public cloud. Integrity is required while accessing the data, due to diligence in the cloud environment. Availability is to provide assurance to users that they have regular and predictable access to their data by the provider. Non-repudiation is done by applying e-commerce security protocols and token provisioning to data transmission. 'T' shows the mandatory requirements and 'O' shows optional requirements.

III. About Eucalyptus Cloud
Eucalyptus stands for "Elastic Utility Computing Architecture for Linking Your Programs to Useful Systems". It is used to implement private cloud computing. It is an open source edition. Eucalyptus is a framework used mainly for the implementation of infrastructure as a service (IaaS). Users can control virtual machine instances on different physical machines.
• Eucalyptus architecture
• Eucalyptus components

The cloud implementation was done on Ubuntu Desktop 11.10, and the following command was used to set up the cluster controller and storage controller:

    sudo apt-get install eucalyptus-cloud eucalyptus-cc eucalyptus-walrus eucalyptus-sc

Fig. 4: A Screen Shot With Ubuntu 64 Bit

IV. Proposed System
In this system we introduce a new option at cloud registration: whether or not the user is entering sensitive data. If the data is sensitive, then after usage the cloud provider gives the assurance of permanently deleting the data. The proposed solutions for the data recovery vulnerability are the same as for the issues in shared technology.

A. How to Standardize SLA for Data Recovery Vulnerability?
This work focuses on the data recovery vulnerability, which arises from the cloud characteristics of resource pooling and rapid elasticity. Resource pooling, which is an effect of virtualization, provides cloud services in which homogeneous infrastructure is shared by different users. Rapid elasticity lets a user scale resources up and down rapidly and elastically. The data recovery vulnerability comes into play when a resource allocated to one user is reallocated to another user: for memory and storage resources there may be a chance to recover the data written by the previous user. In most cases deletion simply means deleting the pointer to the memory location where the data is stored, and the next user writes data to the same memory location. If a person comes with the intention of recovering the data written by the previous user, he can, so there is no security for the user's sensitive data. The SLA should therefore be standardized by adding a provision to check whether the data is sensitive or not; for sensitive data the provider should completely delete the data before the resource is allocated to another user, which adds security for the user's sensitive data.

V. Conclusion
Although cloud computing has brought revolutionary changes to the way the internet is used, it is not free from security risks and vulnerabilities. Even though this technology arose with the intention of making human lives easier and better, it also poses some vulnerabilities and security problems. In most cases data recovery is treated as a good aspect, since it helps the provider recover user data if any data loss occurs. This paper discusses the vulnerability aspect of data recovery and proposes a solution to that problem, and so highlights the data recovery vulnerability in cloud computing. Organizations now provide security assurances in cloud computing through service level agreements; this paper also discusses how to standardize the service level agreement for the data recovery vulnerability. Following the guidelines discussed in this paper helps to resolve a great deal of insecurity in shared technology in cloud computing, saving business owners' valuable time and investment.

Fig. 3: Solution To Data Recovery Vulnerability
1. Client1 is using the resource for executing the data
2. Client2 requests the resource
3. The server authenticates the client
4. The server provides the access control mechanism
5. The server performs vulnerability scanning
6. Complete deletion of the data used by client1
7. Access is granted to client2
8. The resource is reallocated to client2
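The reallocation sequence of Fig. 3 and the sensitivity flag proposed for the SLA, as an added Python simulation that is not part of the original paper. The pool, tenant names, tokens and sample data are constructed for illustration; the code compares pointer-only deletion with overwrite-on-release and reports what the next tenant inherits.

```python
import hmac
from dataclasses import dataclass, field

BLOCK_SIZE = 32                                        # constructed for the demo
TOKENS = {"client1": "t1-demo", "client2": "t2-demo"}  # constructed credentials


@dataclass
class Lease:
    tenant: str
    blocks: list
    sensitive: bool                    # SLA flag set at registration (Section IV)
    dirty_at_handover: list = field(default_factory=list)


class SharedPool:
    """Toy block pool standing in for pooled, elastically reallocated storage."""

    def __init__(self, n_blocks, wipe_sensitive):
        self.disk = [bytearray(BLOCK_SIZE) for _ in range(n_blocks)]
        self.free = list(range(n_blocks))
        self.wipe_sensitive = wipe_sensitive
        self.leases = {}

    def _authenticate(self, tenant, token):                  # Fig. 3, step 3
        expected = TOKENS.get(tenant)
        if expected is None or not hmac.compare_digest(expected, token):
            raise PermissionError("authentication failed")

    def _authorize(self, tenant, token, block):              # Fig. 3, step 4
        self._authenticate(tenant, token)
        lease = self.leases.get(tenant)
        if lease is None or block not in lease.blocks:
            raise PermissionError("block not leased to this tenant")

    def residue(self, blocks):                               # Fig. 3, step 5
        """Blocks that still contain non-zero bytes from an earlier lease."""
        return [b for b in blocks if any(self.disk[b])]

    def allocate(self, tenant, token, n, sensitive=False):   # steps 2, 7, 8
        self._authenticate(tenant, token)
        if n > len(self.free):
            raise MemoryError("pool exhausted")
        blocks = [self.free.pop(0) for _ in range(n)]
        lease = Lease(tenant, blocks, sensitive, self.residue(blocks))
        self.leases[tenant] = lease
        return lease

    def write(self, tenant, token, block, data):
        self._authorize(tenant, token, block)
        if len(data) > BLOCK_SIZE:
            raise ValueError("data larger than one block")
        self.disk[block][:len(data)] = data

    def read(self, tenant, token, block):
        self._authorize(tenant, token, block)
        return bytes(self.disk[block])

    def release(self, tenant, token):                        # Fig. 3, step 6
        self._authenticate(tenant, token)
        lease = self.leases.pop(tenant)
        if self.wipe_sensitive and lease.sensitive:
            for b in lease.blocks:               # overwrite, not just unlink
                self.disk[b][:] = bytes(BLOCK_SIZE)
        self.free.extend(lease.blocks)           # the "delete the pointer" part


def reallocation_demo(wipe_sensitive, flagged_sensitive=True):
    """Run the Fig. 3 sequence once and report what client2 inherits."""
    secret = b"client1-payroll-SAMPLE"           # constructed sample data
    pool = SharedPool(n_blocks=2, wipe_sensitive=wipe_sensitive)
    first = pool.allocate("client1", TOKENS["client1"], 2, flagged_sensitive)
    pool.write("client1", TOKENS["client1"], first.blocks[0], secret)
    pool.release("client1", TOKENS["client1"])
    second = pool.allocate("client2", TOKENS["client2"], 2)
    seen = pool.read("client2", TOKENS["client2"], second.blocks[0])
    return {"dirty_blocks": second.dirty_at_handover, "leaked": secret in seen}


if __name__ == "__main__":
    print("pointer-only delete :", reallocation_demo(wipe_sensitive=False))
    print("wipe, flagged       :", reallocation_demo(wipe_sensitive=True))
    print("wipe, not flagged   :", reallocation_demo(True, flagged_sensitive=False))
```

In the third case the lease was not flagged as sensitive, so it is released without overwriting and the pre-handover scan still finds residue; a provision that depends on the flag protects only data the customer declared.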

References
[1] Balachandra Reddy Kandukuri, Ramakrishna Paturi V, Dr. Atanu Rakshit, "Cloud Security Issues", IEEE International Conference on Services Computing, 2009.
[2] Ramgovind S, Eloff MM, Smith E, "The Management of Security in Cloud Computing", IEEE, 2010.
[3] Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 [Online] Available: http://www.cloudsecurityalliance.org/guidance/csaguide-cn. v2.1.pdf
[4] Xiaojun Yu, Qiaoyan Wen, "A view about cloud data security from data life cycle", IEEE, 2010.
[5] Jianfeng Yang, Zhibin Chen, "Cloud Computing Research and Security Issues", IEEE, 2010.
[6] Farzad Sabahi, "Cloud Computing Security Threats and Responses", IEEE, 2011.
[7] Farzad Sabahi, "Virtualization-Level Security in Cloud Computing", IEEE, 2011.
[8] Zhang Jian-hua, Zhang Nan, "Cloud Computing-based Data Storage and Disaster Recovery", 2011 International Conference on Future Computer Science and Education.
[9] Wang Jun-jie, Mu Sen, "Security Issues and Countermeasures in Cloud Computing", IEEE, 2011.
[10] Alok Tripathi, Abhinav Mishra, "Cloud Computing Security Considerations".
[11] Akhil Behl, "Emerging Security Challenges in Cloud Computing", 2011.
[12] Eystein Mathisen, "Security Challenges and Solutions in Cloud Computing", 5th IEEE International Conference on Digital Ecosystems and Technologies, 2011, pp. 208-212.
[13] Chang-Lung Tsai, Uei-Chin Lin, Allen Y. Chang, Chun-Jung Chen, "Information Security Issue of Enterprises Adopting the Application of Cloud Computing", pp. 645-649.
[14] Farhan Bashir Shaikh, Sajjad Haider, "Security Threats in Cloud Computing", 6th International Conference on Internet Technology and Secured Transactions, 2011, pp. 214-219.
[15] Ziyuan Wang, "Security and privacy issues within the Cloud Computing", International Conference on Computational and Information Sciences, 2011, pp. 175-178.
[16] Palivela Hemant, Nitin P. Chawande, Avinash Sonule, Hemant Wani, "Development of servers in cloud computing to solve issues related to security and backup", 2011, pp. 158-163.
[17] Xiangyang Luo, Lin Yang, Linru Ma, Shanming Chu, Hao Dai, "Virtualization Security Risks and Solutions of Cloud Computing Via Divide-Conquer Strategy", Third International Conference on Multimedia Information Networking and Security, 2011, pp. 637-641.
[18] Shigeaki Tanimoto, Manami Hiramoto, Motoi Iwashita, Hiroyuki Sato, Atsushi Kanai, "Risk Management on the Security Problem in Cloud Computing", First ACIS/JNU International Conference on Computers, Networks, Systems, and Industrial Engineering, 2011, pp. 147-152.
[19] John Harauz, Lori M. Kaufman, Bruce Potter, "Data Security in the World of Cloud Computing", 2009, pp. 61-64.
[20] Hassan Takabi, James B.D. Joshi, Gail-Joon Ahn, "Security and Privacy Challenges in Cloud Computing Environments", 2010, pp. 24-31.

Mr. Tribikram Pradhan: I was born in Barghat, Orissa, India. I received my B.Tech in Computer Science and Engineering from Bhadrak Institute of Engg. and Tech, under Biju Pattnaik University and Technology, Rourkela, Orissa, India in 2010. Currently I am doing my M.Tech in Software Technology at VIT University, Vellore, Tamil Nadu, India. My major research interests are in data mining, artificial intelligence, automata theory, compiler design, operating systems, computer graphics, and VLSI low power technique. I was awarded the best student award in 2005. I have published two papers in the area of image processing and VLSI low power technique. I have successfully completed a research project entitled Vertical Fragmentation In Distributed Database System And Enhancement Of Turing Machine To Universal Turing Machine To Halt For Recursive Enumerable Language And Its JFlap Simulation. Currently I am doing my final project on application of genetic algorithm and rough set theory for knowledge extraction and rule induction.


Mr. Mukesh Patidar: I received my B.Tech in Computer Science and Engineering from PITM Indore, Madhya Pradesh, under RGPV, Bhopal, India in 2011. Currently I am doing my M.Tech in Software Technology at VIT University, Vellore, Tamil Nadu, India. My major research interests are in data mining, cloud computing, operating systems, computer networks, data structures and algorithms. I have successfully completed a research project entitled Security Analysis of IPv6 Campus Network Using Authentication Technique. Currently I am doing my final project on Data Analysis of Stock Market by Using Data Mining and Neural Network.

Miss Asha Anitha Devi: I received my B.Tech in Computer Science and Engineering from Mount Zion College of Engineering, Kerala, under MG University, Kerala, India. Currently I am doing my M.Tech in Software Technology at VIT University, Vellore, Tamil Nadu, India. My major research interests are in cloud computing, computer networks, operating systems (Unix, Linux), data structures, database management and discrete mathematics. I have successfully completed a research project entitled Novel Survey on Detection of DDoS Attack Using Traceback Technique in VoIP Networks. Currently I am doing my final project on enhancement of cloud computing security.

Miss Keerthi M Reddy: I received my B.Tech in Information Technology from Sreenivasa Institute of Technology and Management Studies, Chittore, Andhrapradesh, India. Currently I am doing my M.Tech in Software Technology at VIT University, Vellore, Tamil Nadu, India. My major research interests are in cloud computing, database management systems, information security, image processing, web technology and computer networks. I have successfully completed a research project entitled Recognition of Human iris Patterns for Biometric Display the employee's salary. Currently I am doing my final project on Tuning for Distributed Database Using Evolutionary Approach.
