Secure Architectures in the Cloud

A security-based survey and classification of Cloud Architectures, State of Art and Future Directions

This research paper aims to explore the underlying cloud computing architectures with respect to security and auditing services. As most of the standards have not been defined yet for cloud computing, academic and industrial researchers are participating with their ideas and proofs. We have surveyed and classified the available cloud computing architectures into three categories which are 1) Architecture of Cloud Computing Security and Auditing, 2) Data Storage Security, Privacy and Auditing of Data Leakage, and 3) Security and Auditing of Malicious Acts. This taxonomy and analysis of existing cloud architectures will be helpful to address the primary issues focusing on the security and auditing perspectives in future research.

Towards Trusted Cloud Computing

Cloud computing infrastructures enable companies to cut costs by outsourcing computations on-demand. However, clients of cloud computing services currently have no means of verifying the confidentiality and integrity of their data and computation.

Cloud Security and Energy Efficiency

2017

Cloud computing is the newest distributed computing paradigm and it offers tremendous opportunities to solve large scale scientific problems. However, it presents a range of challenges that need to be addressed in order to be efficiently utilized for workflow applications. With the rapid development of Cloud computing, more and more users deposit their data and application on the cloud. Cloud computing has many characteristics, e.g. multi-user, virtualization, scalability and so on. Because of these new characteristics, usual security technologies can’t make Cloud computing fully safe. Therefore, Cloud computing security becomes the present research focus. With the increasing popularity of the cloud computing model and quick proliferation of cloud infrastructures there are increasing concerns about energy consumption and ensuing impact of cloud computing as a contributor to total CO2 emissions. Due to the growing demand of cloud services, allocation of energy efficient resources (CP...

Providing User Security Guarantees in Public Infrastructure Clouds

The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants, insulated from the minutiae of hardware maintenance, rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organizations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments.

Nicolae Paladi is currently a PhD student at Lund University and researcher in the Security Lab at SICS. His research interests include distributed systems security with a special focus on cloud computing, infrastructure security, Internet security, virtualization and mobile platform security, trusted computing, as well as selected topics on privacy, anonymity and personal data protection.

Secure the Cloud

ACM Computing Surveys, 2015

In response to the revival of virtualized technology by , NIST defined cloud computing, a new paradigm in service computing infrastructures. In cloud environments, the basic security mechanism is ingrained in virtualization, that is, the execution of instructions at different privilege levels. Despite its obvious benefits, the caveat is that a crashed virtual machine (VM) is much harder to recover than a crashed workstation. When crashed, a VM is nothing but a giant corrupt binary file and quite unrecoverable by standard disk-based forensics. Therefore, VM crashes should be avoided at all costs. Security is one of the major contributors to such VM crashes. This includes compromising the hypervisor, cloud storage, images of VMs used infrequently, and remote cloud client used by the customer as well as threat from malicious insiders. Although using secure infrastructures such as private clouds alleviates several of these security problems, most cloud users end up using cheaper options such as third-party infrastructures (i.e., private clouds), thus a thorough discussion of all known security issues is pertinent. Hence, in this article, we discuss ongoing research in cloud security in order of the attack scenarios exploited most often in the cloud environment. We explore attack scenarios that call for securing the hypervisor, exploiting co-residency of VMs, VM image management, mitigating insider threats, securing storage in clouds, abusing lightweight software-as-a-service clients, and protecting data propagation in clouds. Wearing a practitioner's glasses, we explore the relevance of each attack scenario to a service company like Infosys. At the same time, we draw parallels between cloud security research and implementation of security solutions in the form of enterprise security suites for the cloud.
We discuss the state of practice in the form of enterprise security suites that include cryptographic solutions, access control policies in the cloud, new techniques for attack detection, and security quality assurance in clouds.

Review Paper on Cloud Security

International Journal of Advanced Research in Computer Science and Software Engineering

The ability of a cloud storage framework is to gather the server. A secure cloud is a solid source of data. Cloud Insurance Cloud is an important promise for an expert organization. Today that organization robotizes every day and requires a low-profile framework, so that the information is protected and guaranteed to get control over the system. It was as part of the strategies to control the strategies received for controlling access to the partially acquired use (RBAC) as they are used to limit access to touchy records for customers. One is given access to the part where the approval customer is given the share instead. Customers end allotment to the target that each customer can get to each of his / her portion that is allowed to record. RBAC is a terrific conspiracy on its conversion account.

Keywords: WiMAX (Worldwide Inter-operability for Microwave Access), QoS (Quality of Service), QoE (Quality of Experience).

I. INTRODUCTION

Share of the property on the cloud should be possible on a large scale which is practical and the autonomy of the field. The assets on the cloud can be communicated by providing personal or organization and by administration administered by the administration. This is how different IT services. Sharing essential programmers and request tools for the industry Cloud provides many focal points such as deletion of data on the cloud, it provides limitless capability; Easy access to data gives the client the right to access information from any place to the client. On the contrary, the cloud has opened many issues specifically related to data theft, data fragility and privacy and security. Protecting the cloud from unauthorized users [2] and various threats is an important measure for security providers that are responsible for the cloud because the safe cloud is a continuously dense storage device. It is said that a cloud is great at the time when it is concrete and gives customers better protection.
The seller wants to make sure that the seller is getting a secure clock, the trader needs to make sure who gets the information and keeps the server safe. Distributed computing is one more registration model that accesses Administration and Express, which is called Dismantling Administration-Managed Engineering, called Cloud. Cloud Expert associate receives administration and assets to gather information to manage merchandise. The owners of the information have filled their records and stored them on the cloud, and the documents encoded can be given to the buyer. Information customers download written information about their excitement from the cloud and decode them later. Therefore, the cloud must provide stages to store, correct, and use different consumer information. The benefits of using distributed computing include reduced costs, simple and well-to-do offices, use of efficient database and fast response time. Despite the fact that the cloud prefers a different priority, security in the cloud is still an important area of concern, because data proprietors and data buyers are not in the same reliable place. [12] Information confidentiality is not by all the accounts; only safety is needed, flexible, favorable and in control of the penalty. Similarly, there are qualities we need on our Cloud. Different specimens have been proposed for disseminated digital computing, but most of these cannot offer quality such as compatibility, compatibility and better management of the efficiency.

A Review- Cloud and Cloud Security

2017

The distribution of computing resources is done using a new technology called Cloud Computing. The efficient computing and storage can be achieved in an adaptable manner with the services offered by Cloud. The industry has welcomed this technology for achieving the change in information technology but there are risks associated with this technology. The work is in process to avoid such risks and to overcome them.

Keywords: Cloud Computing, PaaS, IaaS, SaaS

Exposure Towards Practical Security Concerns in Cloud Architecture

International Journal of Merging Technology and Advanced Research in Computing

The cloud concept comes with a novel set of exceptional features that open the path toward new safety techniques. Modern attacks have confirmed that the cloud systems of the most important cloud providers might enclose rigorous security flaws in several types of clouds. Providers of Cloud Computing depict a set of software interfaces that customers make use of to interrelate with cloud services. The most important accountability concerning a system of cloud computing consists in coordinating instances of virtual machines or explicit service functioning units. The proposal of making usage of multiple clouds is to utilize multiple distinct clouds at an equivalent time to alleviate the threat of malevolent data manipulation, revelation, in addition to process tampering. The usage of multiple cloud providers in support of gaining security and confidentiality benefits is nontrivial.