Hypervisor Hardware Fuzzy Trust Monitor in Cloud Computing


Academic year: 2021


Jaiganesh M.¹,*, Vincent Antony Kumar A.¹ and Ramadoss B.²

¹Department of Information Technology, PSNA College of Engineering and Technology, Dindigul 624 622, Tamilnadu, India.

²Department of Computer Applications, National Institute of Technology, Tiruchirrapalli, Tamilnadu, India.

e-mail: ¹jaidevlingam@gmail.com

Abstract. Cloud computing is opening a new age of access to information pools through any internet-connected device. It provides a pay-per-use model in which users request services on demand. Cloud service providers treat the cloud user as a virtual client in order to establish a virtual cloud computing environment. The major concern in cloud computing is assuring security against unauthenticated access to cloud services. The massive number of cloud services results in a growing demand for skilled resource organization and trust management. We propose a trust model called the Hypervisor Hardware Fuzzy Trust Monitor to determine illegal behavior in the virtual environment. We include a fuzzy-based controller in the hypervisor to monitor hardware and resource-based attackers. We present three major factors, Network Traffic, Disk space and GFLOPS, to assure trust to the user. We perform simulations to find the untrustworthy users accessing resources in cloud computing.

Keywords: cloud computing, security, trust analysis, trust worthiness, virtualization.

1. Introduction

Cloud computing is an evolving paradigm for accessing an assortment of data pools via the internet using connected devices such as a Personal Digital Assistant (PDA), workstation or mobile [4,6]. It is ability-based computing, with the capability to deliver services over the internet. It provides on-demand access without the need for any human intervention. The standard deployment object used in cloud computing is the Virtual Machine (VM). It enhances flexibility and makes the data center dynamic in nature. The technique of dividing a physical computer into several partly or completely isolated machines is known as virtualization. Virtualization is the buzz of the enterprise IT market, and the upcoming IPO of VMware, the industry's most successful virtualization solution vendor, is of great interest. Virtualization makes it possible to hire one server or a thousand servers on which a geophysical modelling application can be run from anywhere. Here the isolated machines are known as either virtual clients or guest machines. Each guest machine has an individual virtual client that runs its own instance of the operating system and its tasks separately. These guest operating systems are monitored, managed and controlled by a Virtual Machine Monitor (VMM), called the hypervisor. It supervises the flow of tasks and threads between the guest operating system and the virtualized physical hardware, such as disk usage, CPU utilization and memory.

Security issues are broadly classified into two classes: the service provider's side and the customer's side [5]. It is the responsibility of the data center to provide the security measures needed for both the data center and its clients. The clients must ensure that the data, applications and services they receive are secure [1]. One of the biggest concerns with cloud computing is the untrusted usage of cloud computing resources without the knowledge of the cloud service provider. The data of different users must not be interlinked, and storage of data is another important factor. Availability of data is another responsibility of the server: it should ensure that the data and services on the server are available to users round the clock. As the number of web-based distributed systems rises, the occurrence of malware behavior also increases [3].

Here, finding trust is uncertain in nature, so we include stochastic uncertainty for reasoning using a fuzzy expert system. Informal fuzziness has been used to identify the trust of clients in cloud computing [2]. Fuzzy logic was introduced by Zadeh [14,15]. It is a problem-solving methodology that lends itself to systems ranging from simple to sophisticated. It is used in embedded, networked and distributed systems. A fuzzy set is a set whose elements have varying degrees of membership, measuring the uncertainty of belonging to the set. The characteristic function of a crisp set assigns a value of either 1 or 0 to each individual in the universal set. This function can be generalized in the values it assigns to the elements of the universal set: larger values represent higher degrees of set membership. Such a function is called a membership function and the set is called a fuzzy set.

This paper is organized as follows. Section 2 gives the problem identification. Section 3 deals with problem formulation, preliminaries and definitions. Section 4 presents the finding of the Hypervisor Hardware Trust Monitor using fuzzy modelling. Section 5 gives the performance analysis and experimental results, which show how realistic the proposed model is, and Section 6 gives the conclusion of the paper.

2. Problem statement

Virtual isolation is a problem in which virtual clients are attacked by malware that injects code into other virtual clients. The hypervisor is also vulnerable to these attacks. The virtual isolation problem is shown in Figure 1. Its three essential elements are:

1. Data center (hardware units, storage and resources)
2. Hypervisor
3. Virtual Client (VC)

Data center: The data center is considered to be a sophisticated server with a high volume of disk capacity, hardware units and resources. Virtual clients include simulations of hardware, especially storage and networking, done in the data center itself [9]. The data center is able to control the resources of virtual clients. All virtual clients share the data center hardware and memory. A data center is a restricted-access area containing automated systems that constantly monitor processor availability, web traffic and network performance.

Figure 1. Virtual isolation problem.

Hypervisor: The hypervisor is the virtual machine monitor responsible for giving virtual clients access to hardware and for allocating physical properties and resources to each client, such as disk separation and utilization of network cards. Application-level partitioning is also possible (e.g., many applications share a single OS).

Virtual Client: A client requesting service is called a virtual client. A large number of clients request service and are served virtually. Virtual clients are used to provide highly secure remote and desktop access, virtually, from any client at any time. This simplifies system management and application deployment [11]. It helps lower cost and maintenance. Client services are classified into three major categories: Software as a Service, Platform as a Service and Infrastructure as a Service. These services give desktop users high availability and reliability.

Figure 1 depicts virtual clients requesting their own resources and running in their own application domains. Each Virtual Client (VC) is isolated to run in an individual domain. Domain 1 couples VC1 and VC2, domain 2 couples VC3 and VC4, and domain 3 couples VC5 and VC6. In this scenario VC3 is malware that is able to attack VC1 and VC6, exploit the properties of the hardware, CPU utilization and disk access, and eavesdrop on their resources. This is the most important circumstance to note in virtual hypervisor security. If a virtual client is attacked by malware, nearby virtual clients are also affected and the malware may gain complete control. The crashing out of a virtual client is called virtual client escape or VM escape. It is therefore essential to note an individual attacker or a group of attackers that causes a high risk. The hypervisor is able to monitor and manage the virtual clients and the tasks they perform, which is called introspection [12]. Through introspection the hypervisor is responsible for monitoring the following resources of the various clients, along with any illegitimate activities by the clients:

1) High Network Traffic
2) Giga Floating-point Operations per Second (GFLOPS)
3) Disk space

High Network Traffic: High network traffic gives no assurance of operational transactions or bandwidth. Segmentation of bandwidth is important. In cloud computing, the cloud service provider might provide a committed information rate, which includes the guaranteed amount of bandwidth that every client should get. As the number of services tends to grow, the cloud service provider increases the cloud information rate, which brings an increase in bandwidth. The volume of services in cloud computing keeps growing and tends to be ever more bandwidth-hungry.

Giga Floating-point Operations Per Second (GFLOPS): GFLOPS, or GigaFLOPS, measures in billions the floating-point operations per second (FLOPS) that a computer's microprocessor can handle. The term GigaFLOPS is frequently confused with frequency. The difference is that frequency measures the number of cycles the CPU runs at, whereas GFLOPS counts the number of floating-point operations it can handle. FLOPS is thus a standard that shows how the system performs while computing very difficult mathematical estimations.

Disk space: Disk space is the storage capacity available to a particular virtual client. It depends purely on the application or task used by the client [13]. In cloud computing, applications are permanently stored in the data center so that users can access them whenever they need. The memory should therefore be elastic in nature to support the changing applications of all users.

3. Hypervisor Hardware Fuzzy Trust Monitor

The proposed Hypervisor Hardware Fuzzy Trust Monitor (H2FTM) aims to actively measure the network-based misuse behavior of guest Virtual Machines (VMs) by letting a fuzzy controller built into the hypervisor observe guest virtual machines and infrastructure components. We propose a novel approach, called Hypervisor Hardware Fuzzy Trust Monitor (H2FTM), which tightens the hypervisor to measure trust in a network utilization environment. The knowledge used to find trustworthiness is expressed as fuzzy inference rules, which connect antecedents with consequences. The rules have the form "If A, then B", where A and B are fuzzy sets [7]. The fuzzy controller works as a feedback system, repeating its cycles until a desired output is attained. The steps involved in modelling the fuzzy controller begin with defining the input and output variables. The hypervisor trust measurement H2FT ($\tau$) is taken over three major network resource factors: Network Traffic (NT), Disk Space (DS) and CPU Utilization (CPU). We assume these factors to be the input variables and the Hypervisor Hardware Trust Monitor to be the output variable. Hypervisor Hardware trust ($\tau$) is found as a single variable from Network Traffic, Disk space and CPU cycles. We consider combinations of any two input variables $d$, $\bar{d}$ drawn from Network traffic, CPU cycles and Disk space; from these values the fuzzy controller produces a controlling variable $\tau$, that is, H2FT.

3.1 Step 1

Step one identifies the input and output variables and assigns meaningful linguistic states and ranges to them. Exact linguistic states are chosen for each variable and represented by corresponding fuzzy sets (or fuzzy numbers). We take the ranges of the input variables $d$, $\bar{d}$ to be $[-a, a]$ and $[-b, b]$ respectively, and the range of the output variable $\tau$ to be $[-c, c]$. Each input and output variable has three linguistic states.

3.2 Step 2

In this step, we introduce a fuzzification function for each input variable to express the associated observation uncertainty. It finds the grades of membership of the linguistic values of the variable corresponding to an input number or fuzzy number. It is used to calculate and interpret observations of the input variable, each expressed as a real number.

Consider a fuzzification function of the form

$$f_d : [-a, a] \to \mathcal{R} \qquad (1)$$

where $\mathcal{R}$ denotes the set of all fuzzy numbers and $f_d(x_0)$ is a fuzzy number chosen by $f_d$ as an approximation of the measurement $d = x_0$.

We use a trapezoidal shape as the membership function to define $f_d(x_0)$. The two control variables are represented as fuzzy numbers through their trapezoidal views.

3.3 Step 3

A fuzzy inference system can be generated as a set of relevant fuzzy inference rules held in a fuzzy associated memory, called a FAM square. The rules can be conveniently represented as FAM square rules.

In our approach $d$, $\bar{d}$ are the inputs and $\eta$ is the output variable; then

$$\text{If } d = A \text{ and } \bar{d} = B, \text{ then } \eta = C \qquad (2)$$

where $A$, $B$, $C$ are fuzzy numbers chosen from the set of numbers and their linguistic states. The number of possible rules generated for each input and output variable is 3, so $3^2 = 9$; in total we have 36 rules. To find the fuzzy rules in practice we need a set of input-output data of the following form:

$$X = \{ (x_k, y_k, z_k) \mid k \in K \} \qquad (3)$$

where $z_k$ is the attained value of the output variable $\eta$ for the given values $x_k$ and $y_k$ of the input variables $d$ and $\bar{d}$ respectively, and $K$ is an appropriate index set.

Let $A(x_k)$, $B(y_k)$, $C(z_k)$ denote the largest membership grades. Then the degree of relevance can be expressed by

$$i_1[\, i_2(A(x_k), B(y_k)),\; C(z_k) \,] \qquad (4)$$

where $i_1$, $i_2$ are t-norms.

Note:

A t-norm is a function $i : [0,1]^2 \to [0,1]$ such that for all $a, b, d \in [0,1]$: $i(a, 1) = a$; $b \le d$ implies $i(a, b) \le i(a, d)$; $i(a, b) = i(b, a)$; $i(a, i(b, d)) = i(i(a, b), d)$.

The function is usually also continuous and such that $i(a, a) \le a$ for all $a \in [0,1]$.

3.4 Step 4

The observations of the input variables must be periodically matched with the fuzzy inference rules to make inferences in terms of the output variables.

We choose composite inference logic to define our variables. We convert the given fuzzy inference rules represented in equation (17) into the equivalent simple fuzzy conditional propositions of the form

$$\text{If } (d, \bar{d}) \text{ is } A \times B, \text{ then } \eta \text{ is } C \qquad (5)$$

where

$$[A \times B](x, y) = \min[A(x), B(y)] \qquad (6)$$

for all $x \in [-a, a]$ and $y \in [-b, b]$.

Finding the output variable H2FT $\tau$ becomes a problem of approximate reasoning with composite inference over fuzzy propositions. If the fuzzy rule base consists of $n$ fuzzy inference rules, then

Rule 1: IF $(d, \bar{d})$ is $A_1 \times B_1$, then $\tau$ is $C_1$

Rule 2: IF $(d, \bar{d})$ is $A_2 \times B_2$, then $\tau$ is $C_2$

...

Rule n: IF $(d, \bar{d})$ is $A_n \times B_n$, then $\tau$ is $C_n$

Fact: $(d, \bar{d})$ is $f_d(x_0) \times f_{\bar{d}}(y_0)$

Conclusion: $\tau$ is $C$.

The symbols $A_j$, $B_j$, $C_j$ ($j = 1, 2, \ldots, n$) denote fuzzy sets that represent the linguistic states of the variables $d$, $\bar{d}$, $\tau$ respectively.

Each rule is expressed in terms of a relation $R_j$.

The rules are considered disjunctive in nature. We derive from equation (16) that the output variable $\tau$ is defined by the fuzzy set

$$C = \bigcup_j \, [f_d(x_0) \times f_{\bar{d}}(y_0)] \overset{i}{\circ} R_j \qquad (7)$$

where $\overset{i}{\circ}$ is the sup-$i$ composition for a t-norm $i$. The choice of the t-norm is a matter similar to the choice of fuzzy sets for given linguistic labels.

3.5 Step 5

The process of computing a single number from $C$ is called defuzzification. The fuzzy output variable is also a linguistic variable, whose values have been assigned grades of membership. In this last step, we find a single number compatible with the membership function of the Hypervisor Hardware Fuzzy Trust (H2FT), called the output membership function. The output variable, calculated with the centroid method, can be expressed as

$$x^* = \frac{\int_a^b \mu_A(x)\, x \, dx}{\int_a^b \mu_A(x)\, dx} \qquad (8)$$

Let $\mu_A(x)$ be the corresponding grade of membership in the aggregated membership function, and let

1. $X_{min}$ be the minimum $x$ value, attaining the minimum of Hypervisor Hardware Fuzzy Trust $\tau$.
2. $X_{mod}$ be the moderate $x$ value, attaining the moderate of Hypervisor Hardware Fuzzy Trust $\tau$.
3. $X_{max}$ be the maximum $x$ value, attaining the maximum of Hypervisor Hardware Fuzzy Trust $\tau$.

$X^*$ is the defuzzified output as a real number value.
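Steps 1 to 5 as one runnable two-input Mamdani controller, added here as an illustration and not the authors' MATLAB model. The normalised [0, 1] ranges, the trapezoid breakpoints and the FAM rule table are all assumptions, since the paper does not list its own; readings are crisp and min is used as the t-norm.

```python
# Added illustration of Steps 1-5; every constant below is an assumption.
# Step 1: three linguistic states as trapezoids (a, b, c, d) on a normalised
# [0, 1] axis, reused for both inputs and for the trust output.
STATES = {
    "low":    (0.0, 0.0, 0.2, 0.4),
    "medium": (0.2, 0.4, 0.6, 0.8),
    "high":   (0.6, 0.8, 1.0, 1.0),
}

# Step 3: FAM square, (network traffic, GFLOPS) -> trust. Assumed policy:
# the heavier the resource use, the lower the trust.
FAM = {
    ("low", "low"): "high",     ("low", "medium"): "high",
    ("low", "high"): "medium",  ("medium", "low"): "high",
    ("medium", "medium"): "medium", ("medium", "high"): "low",
    ("high", "low"): "medium",  ("high", "medium"): "low",
    ("high", "high"): "low",
}


def trapezoid(x, a, b, c, d):
    """Membership grade of x: 0 outside [a, d], 1 on [b, c], linear between."""
    if x < a or x > d:
        return 0.0
    if b <= x <= c:
        return 1.0
    if x < b:
        return (x - a) / (b - a)
    return (d - x) / (d - c)


def fuzzify(x):
    """Step 2: grades of a crisp reading in each state.

    Readings are clamped to [0, 1] so that usage beyond the expected range
    saturates at "high" instead of falling outside every fuzzy set.
    """
    x = min(max(x, 0.0), 1.0)
    return {name: trapezoid(x, *p) for name, p in STATES.items()}


def infer(nt, gflops):
    """Step 4: rule strength min[A(x), B(y)], max-combined per output state."""
    a, b = fuzzify(nt), fuzzify(gflops)
    strength = {name: 0.0 for name in STATES}
    for (sa, sb), out in FAM.items():
        strength[out] = max(strength[out], min(a[sa], b[sb]))
    return strength


def defuzzify(strength, steps=1000):
    """Step 5: centroid of the clipped, aggregated output set over [0, 1]."""
    num = den = 0.0
    for k in range(steps + 1):
        x = k / steps
        mu = max(min(s, trapezoid(x, *STATES[n])) for n, s in strength.items())
        num += mu * x
        den += mu
    return num / den if den else None


def trust(nt, gflops):
    """Crisp trust in [0, 1] for normalised network traffic and GFLOPS."""
    return defuzzify(infer(nt, gflops))


if __name__ == "__main__":
    for reading in [(0.1, 0.1), (0.5, 0.5), (0.9, 0.1), (0.9, 0.9), (1.7, 2.0)]:
        print(reading, round(trust(*reading), 3))
```

Without the clamp in `fuzzify`, a client whose usage exceeds the modelled range would match no rule at all and produce no trust value, which is exactly the reading a monitor most needs to score.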

4. Performance Analysis

We discuss the trust output produced by the proposed fuzzy inference model. We considered the factors Network traffic, GFLOPS and Disk space to find the trust factor for a particular user. Abnormal usage of these resources by a virtual client indicates the possibility of hacking. The trust model results were obtained using MATLAB version 7.8 with the fuzzy inference system editor, on an Intel Core 2 processor running at 2 GHz with 2048 MB of RAM.

The first step of simulation in the trust model is the fuzzification process. Here the trust factors are converted into trapezoidal membership functions using the membership function editor. The factors are converted into a degree of membership between 0 and 1. The factors are enumerated as small, medium and large in the case of memory, and as low, medium and high in the case of Network traffic, GFLOPS and Disk space. The next step of the trust model is constructing the fuzzy rule base. The trust outputs for different combinations of input variables and their values are documented as if-then rules, formulated with the rule editor. The Mamdani method is used for evaluating the rules. Finally, the last step of the trust model is the defuzzification process, which yields a crisp result.

Figure 2 shows the H2FT reflecting the client's behavior with respect to Network traffic, due to bandwidth, and GFLOPS. The regions of increase and decrease in resource usage are clear from the figures. The combined view of the client's usage of Network traffic and Disk space is shown as a fuzzy 3D view in Figure 2. The view of the client's behavior towards Disk space and GFLOPS is shown in Figure 3. With greater utilization of bandwidth, the Network traffic is seen to be at its maximum. The figures show that resources are utilized at the maximum at some points, indicating the chance of an attack. The input to the fuzzy inference engine is calculated by a simple attribute function and the output is found using the Mamdani method.

Figure 3. Fuzzy view of network traffic vs H2FT.

We infer from the analysis that the hypervisor is able to detect the trust of virtual clients before allocating resources. It also terminates the allocation of Network traffic, GFLOPS and Disk space to a virtual client if that client is not trustworthy. The analysis shows that the suggested trust system model is more accurate in predicting trust in a virtual cloud environment than human supervision. Thus the model holds good in the analytical results shown and helps the hypervisor take rapid decisions.

5. Conclusion

As stated in the paper, several factors go into having assured trust in using the cloud environment. The virtual world has spent the last decade staggering on protecting resources and networks from conventional security attacks. Outsourcing the resources, maintaining the Network traffic and monitoring the disk space are the three important problems to be solved. The H2FTM idea implemented in this paper calculates the trustworthiness of a user based on these three factors. As illustrated in the paper, drips in the cloud result in illicit cloud service as well as a hack of the entire cloud. So the control of resources and their distribution to multiple hosts must be secured and optimized. Having a hypervisor-based trust monitor thus serves to administer the resources of the cloud users.

References

[1] Vincent Antony Kumar, A. and Jaiganesh, M.: JNLP Based Secure Software as a Service in Cloud Computing. In Proceedings Communications in Computer and Information Science, Springer Verlag, 283, 495–504 (2012).

[2] Vincent Antony Kumar, A. and Jaiganesh, M.: ACDP: Prediction of Application Cloud Data Center Proficiency using Fuzzy Modeling. In International Conference on Modeling, Optimization and Computing, Procedia Engineering, Elsevier Publications, 38(3), 3005–3018 (2012).

[3] Wang, C., Ren, K. and Wang, J.: Secure and Practical Outsourcing of Linear Programming in Cloud Computing. In Proceedings of IEEE INFOCOM International Conference, 820–828 (2011).

[4] Francesco Maria, A., Gianni, F. and Simone, S.: An Approach to a Cloud Computing Network. In Proceedings International Conference on Applications of Digital Information and Web Technologies, 113–118 (2008).

[5] Hamlen, K., Kantarcioglu, M., Khan, L. and Bhavani, T.: Security Issues for Cloud Computing, International Journal of Information Security and Privacy, 4(2), 39–51 (2010).

[6] Foster, I., Zhao, Y., Raicu, I. and Shiyong, L.: Cloud Computing and Grid Computing 360-Degree Compared, Grid Computing Environments Workshop, 4–6 (2008).

[7] Varia, J.: Cloud Architectures, White Paper by Amazon Web Services, Amazon Company, 1–14 (2008).

[8] Mamdani, E. H. and Assilian: An Experiment in Linguistic Synthesis with a Fuzzy Logic Controller, International Journal Man-Machine Studies, 1–13 (1975).

[9] Armbrust, M., Armando, F. and Gri, R.: Above the Clouds: A Berkeley View of Cloud Computing, http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html, 4–6.

[10] Nelson, M., Charles, C., Fernando, F., Marcos, A., Tereza, C. M. B., Naslund, M. and Pourzandi, M.: A Quantitative Analysis of Current Security Concerns and Solutions for Cloud Computing, Journal of Cloud Computing: Advances, Systems and Applications, 1(11): 1–21 (2012).

[11] Wang, Q., Wang, C., Ren, K., Lou, W. and Li, J.: Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing, IEEE Transactions on Parallel and Distributed System, 22(5): 847–859 (2011).

[12] Buyya, R.: Market-Oriented Cloud Computing: Vision, Hype and Reality of Delivering Computing as the 5th Utility. In Proceedings IEEE/ACM International Symposium on Cluster Computing and the Grid, 1–13 (2009).

[13] Subhasini, S. and Kavitha, V.: A Survey on Security Issues in Service Delivery Models of Cloud Computing, Journal of Network and Computer Applications, 34(1), 1–11 (2011).

[14] Zadeh, L. A.: Fuzzy Sets and Systems, International Journal of general systems, Taylor Francis, 129–138 (1990).

[15] Zadeh, L. A.: Outline of a New Approach to the Analysis of Complex Systems and Decision Processes, IEEE Transactions on Systems, Man and Cybernetics, 3, 28–44 (1973).

[16] Zeng, X. J. and Singh, M. G.: Approximation Theory of Fuzzy Systems: SISO case, IEEE Transactions on Fuzzy Systems, 2(2), 162–176 (1994).
