REVIEW ON SECURE INFORMATION FLOW CONTROL IN CLOUD COMPUTING


Available Online at www.ijpret.com 1090

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

A PATH FOR HORIZING YOUR INNOVATIVE WORK

REVIEW ON SECURE INFORMATION FLOW CONTROL IN CLOUD COMPUTING

MISS. ANKITA A. DESHMUKH (1), PROF. P. P. DESHMUKH (2)

1. Department of Computer Science and Engineering, P.R.Pote College Of Engineering, Maharashtra, India.

2. Professor, Department of Computer Science and Engineering, P.R.Pote College Of Engineering, Maharashtra, India.

Accepted Date: 05/03/2015; Published Date: 01/05/2015

Abstract: Cloud computing is an emerging computing paradigm in which computing resources are provided as services over the Internet while residing in a large data center. Even though it enables us to dynamically provide servers with the ability to address a wide range of needs, this paradigm brings many new challenges for data security and access control, because users outsource their sensitive data to clouds that lie outside the trusted domain of the data owners. A fundamental problem is the existence of insecure information flows, which arise because a service provider can access multiple virtual machines in a cloud. Sensitive information may be leaked to unauthorized customers, and such critical information flows could raise conflict-of-interest issues in cloud computing. This document provides insight into different technologies and services specifically for monitoring and security in the cloud. Much emphasis is given to virtualization technology because cloud computing relies heavily on it.

Keywords: Cloud computing modules, cloud virtualization, security of flow control.

Corresponding Author: MS. ANKITA A. DESHMUKH

Access Online On:

www.ijpret.com

How to Cite This Article:

Ankita A. Deshmukh, IJPRET, 2015; Volume 3 (9): 1090-1099


I. INTRODUCTION

Although cloud computing is based on a collection of many existing and a few new concepts from several research areas, such as service-oriented architecture (SOA), distributed and grid computing, and virtualization, it has become a promising computing paradigm that draws extensive attention from both academia and industry. This paradigm shifts the location of computing infrastructure to the network, as a service associated with the management of hardware and software resources. Cloud computing started as a means for interpersonal computing, but it is now widely used for accessing software online and for online storage [1] without worrying about infrastructure cost and processing power [2]. Organizations can offload their IT infrastructure to the cloud and gain from fast scalability. These organizations include not only small businesses; some parts of the American government's IT infrastructure have moved to the cloud [3] as well. It has shown tremendous potential to enhance collaboration, scale, agility and availability.

Suppose UA is trying to purchase airplanes to open up new routes and needs investments from banks. All three banks are willing and competing to provide the investment to UA because of their business and financial interests. Since the consultant can access all the VMs in the cloud, it is very likely that the consultant will help one bank win the contract with UA by leaking the bidding information of the other banks for personal gain. In that case, the other banks will suffer tremendous commercial loss. Both UA and Delta also have sensitive information regarding plans, status and standing stored in the cloud, and each of them wants to inquire through the consultant for competitive purposes. The consultant may also inadvertently disclose one's sensitive information to the other when serving both UA and Delta at the same time. The service provider discloses the sensitive information of BoA to Chase and the sensitive information of Delta to UA.

This scenario demonstrates the possible existence of an information flow problem in cloud computing, which in turn raises conflict-of-interest issues and a critical need to investigate corresponding countermeasures.
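One countermeasure for the scenario above, as an added example that is not from the paper: a reference monitor applying the Brewer-Nash "Chinese Wall" policy, a technique the paper does not name, to an operator's access to tenant VMs. The class `ChineseWallMonitor`, the operator names, and the grouping of BoA/Chase and UA/Delta into conflict classes are assumptions built from the scenario's names (the unnamed third bank is omitted).

```python
# Constructed conflict-of-interest (COI) classes built from the scenario's names.
COI_CLASSES = {"banks": {"BoA", "Chase"}, "airlines": {"UA", "Delta"}}


class ChineseWallMonitor:
    """Hypothetical reference monitor placed in front of tenant VM access."""

    def __init__(self, coi_classes):
        self.class_of = {t: c for c, ts in coi_classes.items() for t in ts}
        self.history = {}  # operator -> tenants whose VMs the operator has read
        self.audit = []    # (operator, action, tenant, allowed, reason)

    def _decide(self, operator, action, tenant, allowed, reason):
        self.audit.append((operator, action, tenant, allowed, reason))
        return allowed

    def read(self, operator, tenant):
        """Simple-security rule: no reads from two competitors in one COI class."""
        if tenant not in self.class_of:
            return self._decide(operator, "read", tenant, False, "unknown tenant")
        seen = self.history.setdefault(operator, set())
        rivals = {t for t in seen
                  if t != tenant and self.class_of[t] == self.class_of[tenant]}
        if rivals:
            return self._decide(operator, "read", tenant, False,
                                "conflict with " + ",".join(sorted(rivals)))
        seen.add(tenant)
        return self._decide(operator, "read", tenant, True, "ok")

    def write(self, operator, tenant):
        """*-property: no writes while holding another tenant's data, which
        blocks indirect flows relayed through a third tenant's VM."""
        if tenant not in self.class_of:
            return self._decide(operator, "write", tenant, False, "unknown tenant")
        carried = self.history.get(operator, set()) - {tenant}
        if carried:
            return self._decide(operator, "write", tenant, False,
                                "holds data of " + ",".join(sorted(carried)))
        # Brewer-Nash also requires read permission on the target itself.
        if not self.read(operator, tenant):
            return self._decide(operator, "write", tenant, False, "read denied")
        return self._decide(operator, "write", tenant, True, "ok")


def demo():
    m = ChineseWallMonitor(COI_CLASSES)
    return [
        m.read("consultant", "BoA"),    # first bank: allowed
        m.read("consultant", "UA"),     # different COI class: allowed
        m.read("consultant", "Chase"),  # BoA's competitor: denied
        m.read("consultant", "Delta"),  # UA's competitor: denied
        m.write("consultant", "UA"),    # could carry BoA data into UA's VM: denied
        m.write("auditor", "Delta"),    # fresh operator, single tenant: allowed
    ]
```

The `audit` list records every decision with its reason, which gives the detective side of the control as well as the preventive one.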

II. LITERATURE REVIEW

“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three delivery models and four deployment models.” [8].


Private cloud.

• On-demand self-service

• Broad network access

• Rapid elasticity

• Measured service

• Location

Rajkumar Buyya, Chee Shin Yeo, Srikumar Venugopal, James Broberg and Ivona Brandic [14] describe emerging IT technologies in cloud computing. They elaborate the scenario regarding market-oriented cloud architecture and resource management strategies for market-oriented clouds. R. Buyya et al. [15] define cloud computing according to its utility to end users: in their view, cloud computing is a market-oriented form of distributed computing which consists of a collection of interconnected and virtualized machines that can be dynamically presented as one or more unified computing resources, depending upon the Service Level Agreement (SLA) established between provider and consumer through some negotiation.

According to the National Institute of Standards and Technology (NIST) [15], cloud computing is a new kind of computing model which enables convenient, on-demand access to shared resources such as networks, servers, storage, applications and services from a resource pool, which can be rapidly released and require minimal management effort or service provider interaction. Shuai Zhang, Shufen Zhang, Xuebin Chen and Xiuzhen Huo [16] state in their paper that cloud computing is a new kind of computing model which enables outsourcing of all IT needs, such as storage, computation and software, which are geographically distributed through the internet


your computing needs to a company such as Google: they pay the cost of developing the software and keeping it up-to-date and they earn back the money to do this through advertising and other paid-for services.

Service Models

Cloud computing has been categorized into three models depending on the services provided by the cloud. A brief description of each service model follows. Table 1 shows the benefits of cloud services provided by different cloud vendors in the present market.

Software as a Service (SaaS)

The consumer is provided with the capability to use provider’s application running on a cloud infrastructure. The consumer does not have to manage cloud infrastructure like servers, operating system, storage and network. The services are accessed typically with a web browser. [9]

Platform as a Service (PaaS)

The consumer is provided with the capability to create applications on the cloud infrastructure, either on their own or with tools supplied by the provider. The consumer has control over the deployed applications but does not have to manage servers, storage, network or operating system. [9]

Virtualization as an Enabling Technology:

“In computing, virtualization is a broad term that refers to the abstraction of computer resources. Virtualization hides the physical characteristics of computing resources from their users, be they applications, or end users. This includes making a single physical resource (such as a server, an operating system, an application, or storage device) appear to function as multiple virtual resources; it can also include making multiple physical resources (such as storage devices or servers) appear as a single virtual resource...”


infrastructure workloads will increase from approximately 60 percent in 2012 to almost 90 percent in 2014. This continuing growth makes cloud computing an obvious next step for many organizations.

Many companies are already virtualizing their IT environment and have been doing so for years. Initially, virtualization was deployed for compute resources, primarily as a cost-saving technology. Organizations soon recognized that virtualization provided additional cost-saving benefits as well as enhanced speed and flexibility. Most clouds are built on virtualized infrastructure technology. Cloud computing originated as a new way to deliver IT services by providing a customer interface to automated, self-service catalogs of standard services, and by using auto-scaling to respond to increasing or decreasing user demand. From an IT perspective, a private cloud offers the key advantages of speed, agility, and efficiency while maintaining control of sensitive workloads.


Security issues in information flow control

Organizations use the cloud in a variety of different service models (SaaS, PaaS, and IaaS) and deployment models (Private, Public, Hybrid, and Community). There are a number of security issues and concerns associated with cloud computing, but they fall into two broad categories: security issues faced by cloud providers (organizations providing software-, platform-, or infrastructure-as-a-service via the cloud) and security issues faced by their customers (companies or organizations who host applications or store data on the cloud). The responsibility goes both ways, however: the provider must ensure that its infrastructure is secure and that its clients' data and applications are protected, while the user must take measures to fortify their application and use strong passwords and authentication measures. [4]

When an organization elects to store data or host applications on the public cloud, it loses its ability to have physical access to the servers hosting its information. As a result, potentially business sensitive and confidential data is at risk from insider attacks. According to a recent Cloud Security Alliance Report, insider attacks are the third biggest threat in cloud computing. Therefore, Cloud Service providers must ensure that thorough background checks are conducted for employees who have physical access to the servers in the data center. Additionally, data centers must be frequently monitored for suspicious activity.

In order to conserve resources, cut costs, and maintain efficiency, cloud service providers often store more than one customer's data on the same server. As a result, there is a chance that one user's private data can be viewed by other users (possibly even competitors). To handle such sensitive situations, cloud service providers should ensure proper data isolation and logical storage segregation. [10]

The extensive use of virtualization in implementing cloud infrastructure brings unique security concerns for customers or tenants of a public cloud service. Virtualization alters the relationship between the OS and underlying hardware - be it computing, storage or even networking. This introduces an additional layer - virtualization - that itself must be properly configured, managed and secured. Specific concerns include the potential to compromise the virtualization software, or "hypervisor". While these concerns are largely theoretical, they do exist. [6] For example, a


Deployment Models

There are four deployment models with reference to the services and users. Shubhasis Sengupta, Vikrant Kaulgud and Vibhu Saujanya Sharma [17] and Jayant Baliga, Robert W.A. Ayre, Kerry Hinton and Rodney S. Tucker [18], in their respective papers, emphasize the cloud computing infrastructure. They subdivide it into Public, Private, Community and Hybrid Cloud.

Private cloud

The cloud is maintained and operated for a specific organization. Private cloud can be in-house or with a third party on the premises. The security premises can access the cloud services whereas the unauthorized clients are blocked.

Community cloud

The cloud infrastructure is shared among a number of organizations with similar requirements and interests. It can be in-house (Onsite community cloud) or with a third party (Outsourced community cloud) on the premises.

Public cloud

The cloud is available to the public on commercial basis by a cloud service provider. The public cloud has a large variety of organizational and general public clients making it easier to adapt but more vulnerable to security risks.

Hybrid cloud

This is the combination of different types of clouds (public, community or private clouds). The hybrid cloud has clear limitations for data/application access, but the clouds are part of a single standardized or proprietary technology, which allows data and applications to be moved from one cloud to another if required. [12]

Cloud security controls

Cloud security architecture is effective only if the correct defensive implementations are in place. Efficient cloud security architecture should recognize the issues that will arise with security management. The security management addresses these issues with security controls.


effect of an attack. While there are many types of controls behind a cloud security architecture, they can usually be found in one of the following categories.[13]

Deterrent controls

These controls are intended to reduce attacks on a cloud system. Much like a warning sign on a fence or a property, deterrent controls typically reduce the threat level by informing potential attackers that there will be adverse consequences for them if they proceed. [Some consider them a subset of preventive controls.]

Preventive controls

Preventive controls strengthen the system against incidents, generally by reducing if not actually eliminating vulnerabilities. Strong authentication of cloud users, for instance, makes it less likely that unauthorized users can access cloud systems, and more likely that cloud users are positively identified.

Detective controls

Detective controls are intended to detect and react appropriately to any incidents that occur. In the event of an attack, a detective control will signal the preventative or corrective controls to address the issue. System and network security monitoring, including intrusion detection and prevention arrangements, are typically employed to detect attacks on cloud systems and the supporting communications infrastructure.

Corrective controls

Corrective controls reduce the consequences of an incident, normally by limiting the damage. They come into effect during or after an incident. Restoring system backups in order to rebuild a compromised system is an example of corrective control.

III. CONCLUSION


well as some of the practical security issues. Future research work can look more and more closely into the virtualization technique and its implementation.

IV. REFERENCES

1. C. Cachin, I. Keidar, and A. Shraer, “Trusting the Cloud,” SIGACT News, pp. 81-86, 2009.

2. D. N. Chorafas, “Cloud Computing Strategies,” CRC Press, 2010.

3. U. S. Air Force Selects IBM to Design and Demonstrate Mission-Oriented Cloud Architecture for Cyber Security. [Online]. Available: http://www-03.ibm.com/press/us/en/pressrelease/29326.wss, accessed on March.

4. I. Frank, A. Oludele, and O. Shade, “Cloud Computing Security Issues and Challenges,” International Journal of Computer Networks (IJCN), p. 247, 2011.

5. Cyber Security and Privacy in Cloud Computing: Multidisciplinary Research Problems in Business. [Online].

6. Available: http://www.cspri.seas.gwu.edu/Seminar%20Abstracts%20and%20Papers/CloudComputingLumley.pdf, accessed on February 2012.

7. J. Sahoo, S. Mohapatra, and R. Lath, “Virtualization: A Survey on Concepts, Taxonomy and Associated Security Issues,” pp. 222-226, 2010.

8. I. Menken and G. Blokdijk, “Cloud Computing Virtualization Specialist Complete Certification Kit - Study Guide Book and Online Course,” Emereo Pty Ltd, 2009.

9. H. Takabi, J. B. D. Joshi, and G. Ahn, “Security and privacy challenges in cloud computing environments,” IEEE Security and Privacy, vol. 8, pp. 24-31, 2010.

10. Security Guidance for Critical Areas of Focus in Cloud Computing V2.1. [Online]. Available: https://cloudsecurityalliance.org/csaguide.pdf, accessed on February 2012.

11. From Secure Virtualization to Secure Private Clouds. Gartner Research Note G00208057 (October 13, 2010).

12. Introduction to Cloud Computing. [Online]. Available: http://www.dialogic.com/Solutions/CloudCommunications/Build/~/media/product


13. Cloud Deployment Models – Private, Community, Public, Hybrid with Examples. [Online]. Available: http://www.techno-pulse.com/2011/10/cloud-deployment-private-public-example.html, accessed on February 2012.

14. X. Zhang, H. Du, J. Chen, Y. Lin, and L. Zeng, “Ensure Data Security in Cloud Storage,” IEEE International Conference on Network Computing and Information Security, pp. 284-287, 2011.

15. R. Buyya, C.S. Yeo, S. Venugopal, J. Broberg and I. Brandic, “Cloud Computing and Emerging IT Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility,” Future Generation Computer System, 25(6), pp. 599-616, 2009.

16. Saurabh Kumar Garg and Rajkumar Buyya, “Green Cloud Computing and Environmental Sustainability”.

17. Shuai Zhang, Shufen Zhang, Xuebin Chen and Xiuzhen Huo, “Cloud Computing Research and Development Trend,” 2010, Second International Conference on Future Networks, pp. 93-97.

18. Subhashis Sengupta, Vikrant Kaulgud and Vibhu Saujanya Sharma, “Cloud Computing Security - Trends and Research Directions,” 2011, IEEE World Congress on Services, pp. 524-525.
