International Journal of Emerging Technology and Advanced Engineering
Website: www.ijetae.com (ISSN 2250-2459,ISO 9001:2008 Certified Journal, Volume 3, Issue 2, February 2013)
Attaining Pre-Eminent Cloud Security Using Intrusion
Detection Systems
Jagadeeshraj.V.S (1), Lijoy C. George (2), Thenmozhi.S (3)
1,2 Student, Kalaignar Karunanidhi Institute of Technology, Coimbatore, Tamilnadu
3 Assistant Professor (SG), Kalaignar Karunanidhi Institute of Technology, Tamilnadu
Abstract— Interest in the cloud rises whenever the need for computing assets exceeds the boundaries of what an organization owns. The term came into wide use in the last quarter of 2007; the trend behind cloud computing is that it offers everything the customer needs as a service (software, infrastructure, storage, hardware and more) and is a blend of virtualization, resource scheduling, databases, networks, operating systems, transaction management, load balancing, concurrency control and memory management. In a cloud computing environment all data reside on a set of networked resources and are accessed through virtual machines. Since these data centers may lie in any corner of the world, beyond the reach and control of the users, there are diverse security and privacy challenges that need to be understood and taken into consideration. Conventional infrastructure security controls designed for dedicated hardware do not always map well to the cloud environment, so cloud architectures must have well-defined security policies and procedures in place. Full interoperability with existing dedicated security controls is unlikely; there has to be some degree of compatibility between the newer protections designed specifically for cloud environments and traditional security controls. This paper surveys the main security threats and the pros and cons of existing security methods, and proposes a new solution for attaining pre-eminent cloud security using intrusion detection systems.
Keywords—Cloud Computing, XaaS, Intrusion Detection System, Privacy Manager, Inspection Engine, Virtual Machine Introspection.
I. INTRODUCTION
Cloud computing is the finely tuned virtualization of distributed IT (Information Technology) resources (software, hardware, data, infrastructure, security, business, etc.) that can be accessed over the Internet on demand, scaled dynamically and paid for only as used. Cloud computing brings a variety of customer benefits such as ease of deploying IT resources for new business, lower system operating and maintenance costs, and a large reduction in deployment time. Its aim is to provide secure, quick and convenient data storage and network computing services centered on the Internet.
Through this model a user can also minimize capital expenditure on IT resources and need not fret about their maintenance. This computing model provides everything the customer needs as a service (Everything as a Service, XaaS) [1] in a flexible manner, accessible over the Internet even from lightweight portable devices. The key characteristics of cloud computing as defined by NIST (National Institute of Standards and Technology) are on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service [2]. A cloud environment also supports grid computing by quickly providing physical and virtual resources (servers) on which grid applications can run.
Cloud computing is now attaining its hype because of its potential to reduce IT costs, its use of autonomous systems and its guaranteed QoS, although anxieties are being raised about its security. Because of the reduced complexity and requirements on the client side, customers around the world are inclined to move into the cloud, but hesitation arises when third-party trust and security threats in the cloud are addressed. Despite the hype, there are reasons why many organizations are still not confident about moving into the cloud: loopholes such as security and privacy in its architecture have made cloud computing vulnerable [3]. In this paper we discuss various intrusion detection systems for achieving a secure cloud environment, and we propose a technique that places an intrusion detection system in the cloud virtualization layer, which raises the effectiveness of the security and provides better auditing facilities.
II. BACKGROUND
A. Cloud Layers and its Services
Cloud offers everything as a service: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), SaaS (Software as a Service), BaaS (Business as a Service), SecaaS (Security as a Service), HaaS (Hardware as a Service), FaaS (Framework as a Service), DaaS (Desktop, Database or Development as a Service), CaaS (Communication as a Service), etc. [4]. Figure 1 shows the layered architecture of cloud for everything as a service.
Fig.1 Layered Architecture of Cloud Computing
Based on the services offered, cloud computing can be considered to consist of three layers: SaaS, PaaS and IaaS.
1) Software as a Service (SaaS): SaaS allows users to run remotely applications that are deployed on the PaaS or IaaS layers of the cloud platform. It is based on licensing software use on demand, the software being already installed and running on the cloud platform. Examples of major providers are Amazon Web Services (AWS), Google Apps, IBM, Zoho, SalesForce.com (SFDC), OpenID, A2Zapps.com and Oracle.
2) Infrastructure as a Service (IaaS): IaaS refers to computing resources delivered as a service. This includes virtualized computers with processing power, storage and reserved bandwidth for Internet access. Key examples are Amazon EC2, GoGrid, FlexiScale, Rackspace and Joyent.
3) Platform as a Service (PaaS): PaaS is a combination of IaaS with operating systems and the services required for a particular application; equivalently, PaaS is IaaS with a custom software stack defined by the user for the given application. PaaS platforms also provide the programming environment to access and use additional application building blocks. Key examples are Google App Engine (GAE), Amazon S3, Heroku, Microsoft Azure and Force.com.
B. Cloud Deployment Models
There are many considerations for cloud computing architects when moving from a standard enterprise application deployment model to one based on cloud computing. There are four basic deployment models to consider.
1) Private Cloud: The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise. Private clouds may be deployed in an enterprise datacenter, and they may also be deployed at a colocation facility.
2) Community Cloud: The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns. It may be managed by the organizations or a third party and may exist on premise or off premise.
3) Public Cloud: The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. Public clouds are most often hosted away from customer premises, and they provide a way to reduce customer risk and cost by providing a flexible, even temporary, extension to enterprise infrastructure.
4) Hybrid Cloud: The cloud infrastructure is a composition of two or more clouds (private, community or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
III. BARRICADES IN CLOUD SECURITY
A. Various Security Threats in Cloud Layers
At the application level (SaaS) the end user is a person or organization who subscribes to a service from a cloud provider. At this level the threats of concern are interception, modification of data at rest and in transit, data interruption (deletion), impersonation and traffic-flow analysis, exposure in the network, session hijacking and privacy breach. Against these threats the security requirements at the application level include privacy in a multi-tenant environment, protection of data from exposure (remnants), access control, communication protection, software security and service availability.
At the virtual level (PaaS/IaaS) the developer-moderator is a person or organization that subscribes to and deploys software on a cloud infrastructure. At this level the threats of concern are programming flaws, software modification and software interruption (deletion), traffic-flow analysis, session hijacking, exposure in the network, connection flooding, impersonation and disruptive communication. Against these threats the security requirements at the virtual level include secure images, application security, access control, virtual cloud protection, communication security, data security (data in transit and data at rest) and cloud management control security.
The physical level (data center) belongs to the person or organization that owns the infrastructure on which clouds are deployed. At this level the threats of concern are connection flooding, hardware interruption, hardware modification, hardware theft, misuse of infrastructure and natural disasters. Against these threats the security requirements at the physical level include hardware security, hardware reliability, hardware protection, network resource protection and legal, non-abusive use of cloud computing.
B. Top Threats to Cloud Computing
The Cloud Security Alliance (CSA) [6] identified the following threats as obstacles to achieving a secure cloud environment:
1) Abuse and nefarious use of cloud computing
2) Insecure application programming interfaces
3) Malicious insiders
4) Shared technology vulnerabilities
5) Data loss/leakage
6) Account, service and traffic hijacking
7) Unknown risk profile
IV. INTRUSION DETECTION SYSTEM (IDS)
A. Intrusion Detection System (IDS)
Intrusion detection and intrusion prevention systems (IDS/IPS) are quickly gaining in popularity as a way to monitor networks for anomalies that could indicate an attack. An IDS is passive in nature: it works by scanning packets for patterns that match a pre-defined signature base and raising alerts, whereas an IPS sits inline and can additionally drop or block the matching traffic. The signature base contains information relating to a known vulnerability, threat or pre-attack probe. Most IDS platforms also allow the creation of a custom signature base that scans for pattern matches (passwords, keywords, etc.) or for new threats for which no known signature yet exists.
B. Types of Intrusion Detection
Many of the traditional IDS products on the market fall into one of two categories: host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS).
1) Network- or Traffic-Based IDS (NIDS): A network-based IDS is largely used to protect a complete network segment. To achieve this it is usually placed on the network perimeter, at a point that allows it to read all traffic exchanged with the protected segment. A NIDS looks for anomalous activity by inspecting data packets and behavioral events. The basic strategies a NIDS uses for detection and prevention are signature-matching analysis, Network Behavior Analysis (NBA) or traffic analysis, and protocol analysis or heuristics.
2) Host- or System-Event-Based IDS (HIDS): Here the intrusion detection system is intended to protect a single host. This is usually achieved with special software running on the host that uses firewall-like strategies to intercept and analyze traffic and report anything malicious. A HIDS monitors files, access attempts, system logs or other definable portions of a particular host for suspicious activity that could indicate an intrusion attempt or a successful entry into the host itself. Maintaining a HIDS environment can be very time-intensive because the sensors must be installed on every host that needs to be monitored. Since the host sensor resides on the local platform, OS performance may degrade because of the processor time needed for monitoring. A NIDS, on the other hand, can be deployed in a virtual environment only at the virtual switch, because VM-to-VM traffic on the same physical host never reaches a sensor on the physical network; our solution design supports this placement.
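As an added example (not code from the paper), the following is a minimal signature-based inspection engine of the kind Section IV describes: a pre-defined signature base, a custom signature for a cleartext credential, and a passive scan that only alerts. Every packet, signature ID and pattern below is constructed for illustration; the port-scoped traversal signature also shows the caveat that a signature tied to port 80 misses the same probe against port 8080.

```python
# Added example, not code from the paper: a minimal signature-based IDS engine.
# All packets, signature IDs and patterns are constructed for illustration.
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    proto: str      # "tcp" or "udp"
    payload: bytes


@dataclass
class Signature:
    sid: int
    msg: str
    pattern: re.Pattern
    dport: Optional[int] = None   # None means "any port"
    proto: Optional[str] = None   # None means "any protocol"


# Pre-defined signature base (constructed): known probes / attack patterns.
SIGNATURE_BASE: List[Signature] = [
    Signature(1001, "HTTP directory traversal probe",
              re.compile(rb"\.\./\.\./"), dport=80, proto="tcp"),
    Signature(1002, "SQL injection tautology (' OR '1'='1)",
              re.compile(rb"(?i)'\s*or\s+'?1'?\s*=\s*'?1"), dport=80, proto="tcp"),
    Signature(1003, "Shell command injection via ; or |",
              re.compile(rb"[;|]\s*(?:cat|wget|curl|nc)\s"), proto="tcp"),
]


def add_custom_signature(base, sid, msg, regex, dport=None, proto=None):
    """Custom signature, e.g. a keyword or cleartext-credential match, as the text describes."""
    base.append(Signature(sid, msg, re.compile(regex), dport, proto))


def inspect(packet, base=SIGNATURE_BASE):
    """Return (sid, msg) for every signature whose scope and pattern match the packet."""
    hits = []
    for sig in base:
        if sig.dport is not None and sig.dport != packet.dport:
            continue
        if sig.proto is not None and sig.proto != packet.proto:
            continue
        if sig.pattern.search(packet.payload):
            hits.append((sig.sid, sig.msg))
    return hits


def scan(packets, base=SIGNATURE_BASE):
    """Passive IDS behaviour: alert on matches, never modify or drop the packet."""
    alerts = []
    for p in packets:
        for sid, msg in inspect(p, base):
            alerts.append(f"ALERT sid={sid} {p.src}->{p.dst}:{p.dport}/{p.proto} {msg}")
    return alerts


def sample_packets():
    """Constructed traffic: two attacks on port 80, benign traffic, the same traversal
    against port 8080 (missed by the port-80-scoped signature), a command injection
    on 8080 (caught by the unscoped signature) and a cleartext FTP password."""
    return [
        Packet("203.0.113.9", "10.0.2.10", 80, "tcp", b"GET /../../etc/passwd HTTP/1.1\r\nHost: web01\r\n\r\n"),
        Packet("203.0.113.9", "10.0.2.10", 80, "tcp", b"POST /login HTTP/1.1\r\n\r\nuser=admin' OR '1'='1&pw=x"),
        Packet("10.0.1.5", "10.0.2.10", 80, "tcp", b"GET /index.html HTTP/1.1\r\nHost: web01\r\n\r\n"),
        Packet("203.0.113.9", "10.0.2.10", 8080, "tcp", b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"),
        Packet("203.0.113.9", "10.0.2.10", 8080, "tcp", b"GET /cgi/ping?host=1.1.1.1;cat /etc/passwd HTTP/1.1\r\n\r\n"),
        Packet("10.0.1.7", "10.0.2.20", 21, "tcp", b"PASS hunter2\r\n"),
    ]


if __name__ == "__main__":
    add_custom_signature(SIGNATURE_BASE, 9001, "Cleartext FTP password",
                         rb"(?i)^PASS\s+\S+", dport=21, proto="tcp")
    for line in scan(sample_packets()):
        print(line)
```

Scoping a signature to a port keeps false positives down but, as the fourth packet shows, it also blinds the sensor to the same attack on a non-standard port; a real signature base pairs port-scoped rules with protocol analysis that identifies HTTP regardless of port.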
These basic intrusion detection techniques suit traditional data centers, so for a virtually distributed or cloud environment we propose an intrusion detection technique that is integrated into the cloud hypervisor.
V. PROPOSED METHOD
In our proposed method we follow the guidelines of the Cloud Security Alliance (CSA) Intrusion Management implementation guidance [5] of September 2012 together with the existing client-based privacy manager for cloud technique. Figure 2 shows the architecture of the privacy manager for cloud with the IDS (inspection engine) integrated into the cloud hypervisor.
The client-based privacy manager [9] [10] helps to reduce the risk of data leakage and loss of privacy of the sensitive data processed in the cloud, and provides additional privacy-related benefits. Its main features are obfuscation, preference setting, data access, feedback and personae.
Obfuscation is the process of encrypting some or all of the user's private data before it is sent to cloud storage. The key used for obfuscation is known only to the privacy manager, which resides on the client side, separate from the cloud service provider, so the provider is not able to de-obfuscate the user's private data. Preference setting and personae protect the unobfuscated private data: the user sets preferences for how private data are to be handled within the cloud and can choose between multiple personae when interacting with multiple cloud services. The feedback module manages and displays feedback to the user about the usage of his personal data, including notification of data usage in the cloud. By implementing the virtualization-layer intrusion detection technique with an inspection engine in the hypervisor we can inspect VM-to-VM communication as well as guest operations and offline VMs.
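The obfuscation and personae features described above, as an added example that is neither the paper's nor the privacy manager's own code: the key stays with the client-side privacy manager, each persona gets an independent derived key, and the cloud service stores only the obfuscated blob. The cipher used here (an HMAC-SHA256 keystream in counter mode with encrypt-then-MAC, separate encryption and MAC keys) is an illustrative assumption chosen so the block runs with the standard library alone; a production privacy manager would use AES-GCM from a vetted library.

```python
# Added example, not the paper's or the privacy manager's code: client-side
# obfuscation with the key held only by the privacy manager, one key per persona.
# Cipher construction (HMAC-SHA256 keystream, encrypt-then-MAC) is an illustrative
# assumption; use AES-GCM from a vetted library in production.
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


class PrivacyManager:
    """Runs on the client; the master key never leaves it."""

    def __init__(self, master_key=None):
        self._master = master_key if master_key is not None else secrets.token_bytes(32)

    def _derive(self, persona, purpose):
        # Independent keys per persona (and per purpose), so two cloud services that
        # receive data under different personae cannot link the records.
        return hmac.new(self._master, persona.encode() + b"|" + purpose, hashlib.sha256).digest()

    @staticmethod
    def _keystream(key, nonce, length):
        out = b""
        block = 0
        while len(out) < length:
            out += hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
            block += 1
        return out[:length]

    def obfuscate(self, persona, plaintext):
        enc_key, mac_key = self._derive(persona, b"enc"), self._derive(persona, b"mac")
        nonce = secrets.token_bytes(NONCE_LEN)
        stream = self._keystream(enc_key, nonce, len(plaintext))
        ct = bytes(a ^ b for a, b in zip(plaintext, stream))
        tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()   # integrity of stored blob
        return nonce + ct + tag

    def deobfuscate(self, persona, blob):
        enc_key, mac_key = self._derive(persona, b"enc"), self._derive(persona, b"mac")
        if len(blob) < NONCE_LEN + TAG_LEN:
            raise ValueError("blob too short")
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("record was modified or belongs to another persona")
        stream = self._keystream(enc_key, nonce, len(ct))
        return bytes(a ^ b for a, b in zip(ct, stream))


class CloudService:
    """The provider side: it only ever sees and stores obfuscated blobs."""

    def __init__(self):
        self.store = {}

    def put(self, record_id, blob):
        self.store[record_id] = blob

    def get(self, record_id):
        return self.store[record_id]


def demo():
    """Returns (provider_can_read, client_recovers, other_persona_can_read)."""
    pm = PrivacyManager()
    svc = CloudService()
    secret = b"name=Alice;dob=1980-01-01;card=4111111111111111"   # constructed private record
    svc.put("rec-1", pm.obfuscate("shopping", secret))
    stored = svc.get("rec-1")
    provider_can_read = b"Alice" in stored            # provider holds ciphertext only
    recovered = pm.deobfuscate("shopping", stored)     # client with the key recovers it
    try:
        pm.deobfuscate("banking", stored)              # other persona: different key, tag fails
        cross_persona = True
    except ValueError:
        cross_persona = False
    return provider_can_read, recovered == secret, cross_persona


if __name__ == "__main__":
    print(demo())
```

The tag check is what makes the personae separation and the "provider cannot de-obfuscate" property testable: a blob decrypted under the wrong persona, or modified at rest by the provider, is rejected rather than silently yielding garbage.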
Our proposed method also keeps separate NetFlow, syslog and packet data that can be used for auditing. Auditing helps cloud service providers (CSPs) and their users to address emerging requirements and the evolution of the cloud business model [11]. By auditing the syslog and NetFlow data we can identify security documentation issues, recognise when an attack is taking place, and document the existing threat to an organization simply. The data (syslog, NetFlow, etc.) from the inspection engine in the hypervisor also raise the effectiveness of the feedback module of the privacy manager. The inspection engine (IE) integrated in the hypervisor monitors all the VMs, whether offline or online, and finds anomalies based on anomalous behavior. The IE uses additional guest information for protection, stored in the VM status or configuration data, and uses introspection-based methods to determine patch levels.
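As an added example (not code from the paper) of the auditing the paragraph above describes, the block below runs simple behavioral detection over NetFlow and syslog records of the kind the inspection engine is said to keep, and correlates the two to flag an attack in progress. The record formats, the thresholds (WINDOW, SCAN_PORTS, BRUTE_FAILS) and every sample record are constructed assumptions; the sliding-window logic is the general technique and works on any number of sources.

```python
# Added example, not code from the paper: auditing constructed NetFlow and syslog
# records exported by a hypervisor-level inspection engine. Formats, thresholds and
# all sample records are assumptions made for illustration.
import re
from collections import defaultdict
from datetime import datetime

# Constructed NetFlow-style export, one flow per line: ts,src,dst,dport,proto,packets,bytes
NETFLOW = """\
1700000000,10.0.1.5,10.0.2.10,22,tcp,12,1800
1700000000,10.0.9.7,10.0.2.10,22,tcp,1,60
1700000000,10.0.9.7,10.0.2.10,23,tcp,1,60
1700000001,10.0.9.7,10.0.2.10,25,tcp,1,60
1700000001,10.0.9.7,10.0.2.10,80,tcp,1,60
1700000001,10.0.9.7,10.0.2.10,443,tcp,1,60
1700000002,10.0.9.7,10.0.2.10,445,tcp,1,60
1700000002,10.0.9.7,10.0.2.10,3306,tcp,1,60
1700000002,10.0.9.7,10.0.2.10,3389,tcp,1,60
1700000003,10.0.9.7,10.0.2.10,5432,tcp,1,60
1700000003,10.0.9.7,10.0.2.10,8080,tcp,1,60
1700000003,10.0.9.7,10.0.2.10,8443,tcp,1,60
1700000004,10.0.1.5,10.0.2.11,443,tcp,40,52000
"""

# Constructed syslog lines collected from guest VM web01
SYSLOG = """\
Feb 14 10:00:01 web01 sshd[2201]: Failed password for root from 10.0.9.7 port 51000 ssh2
Feb 14 10:00:02 web01 sshd[2203]: Failed password for root from 10.0.9.7 port 51001 ssh2
Feb 14 10:00:02 web01 sshd[2205]: Failed password for invalid user admin from 10.0.9.7 port 51002 ssh2
Feb 14 10:00:03 web01 sshd[2207]: Failed password for root from 10.0.9.7 port 51003 ssh2
Feb 14 10:00:03 web01 sshd[2209]: Failed password for root from 10.0.9.7 port 51004 ssh2
Feb 14 10:00:09 web01 sshd[2230]: Accepted publickey for deploy from 10.0.1.5 port 40022 ssh2
Feb 14 10:00:15 web01 sshd[2240]: Failed password for ubuntu from 10.0.4.2 port 40100 ssh2
"""

WINDOW = 10        # seconds (assumed)
SCAN_PORTS = 8     # distinct destination ports from one source within WINDOW (assumed)
BRUTE_FAILS = 4    # failed logins from one source within WINDOW (assumed)

FAIL_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(\S+) from (\S+) port (\d+)")


def max_distinct_in_window(events, window):
    """events: (timestamp, key) pairs. Largest number of distinct keys seen in any
    window-second span, found with a sliding window over the sorted events."""
    events = sorted(events)
    counts, lo, best = defaultdict(int), 0, 0
    for ts, key in events:
        counts[key] += 1
        while ts - events[lo][0] > window:
            old = events[lo][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            lo += 1
        best = max(best, len(counts))
    return best


def detect_port_scans(netflow_text):
    """Map (src, dst) -> distinct ports hit within WINDOW, for pairs at or above SCAN_PORTS."""
    by_pair = defaultdict(list)
    for line in netflow_text.splitlines():
        ts, src, dst, dport, _proto, _pkts, _bytes = line.split(",")
        by_pair[(src, dst)].append((int(ts), int(dport)))
    out = {}
    for pair, ev in by_pair.items():
        n = max_distinct_in_window(ev, WINDOW)
        if n >= SCAN_PORTS:
            out[pair] = n
    return out


def detect_brute_force(syslog_text):
    """Map source IP -> failed logins within WINDOW, for sources at or above BRUTE_FAILS."""
    by_src = defaultdict(list)
    for line in syslog_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        # syslog carries no year; seconds from an arbitrary epoch suffice for differences
        ts = (datetime.strptime(m.group(1), "%b %d %H:%M:%S") - datetime(1900, 1, 1)).total_seconds()
        by_src[m.group(3)].append((ts, int(m.group(4))))   # source port makes each attempt distinct
    out = {}
    for src, ev in by_src.items():
        n = max_distinct_in_window(ev, WINDOW)
        if n >= BRUTE_FAILS:
            out[src] = n
    return out


def audit(netflow_text=NETFLOW, syslog_text=SYSLOG):
    """Correlate both sources: a host that both scans and brute-forces is an attack in progress."""
    scans = detect_port_scans(netflow_text)
    brute = detect_brute_force(syslog_text)
    attackers = sorted({src for src, _ in scans} & set(brute))
    findings = [f"port scan {src}->{dst}: {n} ports in {WINDOW}s" for (src, dst), n in scans.items()]
    findings += [f"ssh brute force from {src}: {n} failures in {WINDOW}s" for src, n in brute.items()]
    findings += [f"ATTACK IN PROGRESS from {src} (scan + brute force)" for src in attackers]
    return {"scans": scans, "brute_force": brute, "attackers": attackers, "findings": findings}


if __name__ == "__main__":
    for f in audit()["findings"]:
        print(f)
```

Because the flows are taken at the hypervisor, the scan against 10.0.2.10 is visible even though scanner and target sit on the same host and the traffic never crosses a physical sensor; the single failure from 10.0.4.2 stays below the threshold and is not reported.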
Although this type of intrusion detection falls under host-based IDS, the engine runs in the hypervisor rather than inside the guest, so it is transparent to the monitored VM and its transparency is high compared to a conventional HIDS or NIDS.
Fig.2 Architecture of Hypervisor Integrated IDS in Privacy Manager for Cloud Environment
Fig.3 Inspection Engine (IE) Internal Design
VI. CONCLUSION
Our proposed method produces an effective intrusion detection mechanism for most kinds of attacks and also provides better auditing facilities for documenting the existing threats to an organization. We aim to reduce the impact on virtual machine or host performance when the load on the IDS module is high. Also, with a virtualization-layer detection method the IDS can no longer be trusted once the hypervisor is compromised; addressing this is future work for our method.
REFERENCES
[1] Gathering clouds of XaaS! (www.ibm.com/developer)
[2] Peter Mell and Tim Grance, "The NIST Definition of Cloud Computing", version 15, October 7, 2009, National Institute of Standards and Technology (NIST), Information Technology Laboratory.
[3] McAfee whitepaper, "Database Security in Virtualization and Cloud Computing Environments: The three key technology challenges in protecting sensitive data in modern IT architectures", https://portal.mcafee.com/downloads/General%20Documents/database_security_in_virtualization_and_cloud_computing_environments.pdf
[5] Cloud Security Alliance (CSA), "SecaaS Implementation Guidance, Category 6: Intrusion Management", September 2012.
[6] Cloud Security Alliance, "Top Threats to Cloud Computing", March 2010, http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
[7] Dimitrios Zissis and Dimitrios Lekkas, "Addressing Cloud Computing Security Issues", Future Generation Computer Systems, 2011.
[8] T. Garfinkel and M. Rosenblum, "A Virtual Machine Introspection-Based Architecture for Intrusion Detection", Computer Science Department, Stanford University.
[9] Miranda Mowbray and Siani Pearson, "A Client-Based Privacy Manager for Cloud Computing", COMSWARE'09: Proceedings of the Fourth International ICST Conference on Communication System Software and Middleware, June 2009.
[10] Shilpashree Srinivasamurthy and David Q. Liu, "Survey on Cloud Computing Security", Department of Computer Science, Indiana University - Purdue University Fort Wayne.
[11] Tim Mather, Subra Kumaraswamy and Shahed Latif, Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance, O'Reilly Media, Inc., 2009.
[12] Greg Boss, Padma Malladi, Dennis Quan, Linda Legregni and Harold Hall, "High Performance On Demand Solutions (HiPODS)", www.ibm.com/developerworks/websphere/zones/hipods/
[13] Open Security Architecture, http://www.opensecurityarchitecture.org/
[14] Intrusion Detection, http://en.wikipedia.org/wiki/Intrusion_detection_system
[15] Intrusion Prevention, http://en.wikipedia.org/wiki/Intrusion_prevention_system
[16] Dawn Song, Elaine Shi and Ian Fischer (University of California, Berkeley) and Umesh Shankar, "Cloud Data Protection for the Masses", IEEE, January 2012.
[17] Weichao Wang, Zhiwei Li, Rodney Owens and Bharat Bhargava, "Secure and Efficient Access to Outsourced Data", CCSW 2009: The ACM Cloud Computing Security Workshop.
[18] Cloud Security Alliance (CSA), "Domain 12: Guidance for Identity & Access Management V2.1", April 2010, http://www.cloudsecurityalliance.org/guidance/csaguide-dom12-v2.10.pdf
[19] Richard Chow, Philippe Golle, Markus Jakobsson, Ryusuke Masuoka, Jesus Molina, Elaine Shi and Jessica Staddon, "Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control".