Cloud computing has arrived as a solution that reduces costs in organizations while offering on-demand resources and computation without requiring them to build an IT infrastructure. Services such as Amazon Web Services (AWS) or Microsoft Azure provide a means for organizations to instantly provision and de-provision virtual machines (VMs) depending on their needs, paying only for what they use. To create the necessary environment, cloud service providers (CSPs) use virtualization technologies to maximize the value of their systems. Servers have traditionally needed to run alone on physical machines to prevent other services from interfering with them, but the downside of this was wasted resources. Virtualization enables the use of all the resources in a physical host by sharing them between the guest operating systems (OS). Many organizations have already deployed private clouds on their own infrastructures or through third parties. However, public clouds provide an additional advantage that makes them extremely attractive: cost savings. By sharing all the host machines between different organizations, the resources available to a cloud consumer seem to be unlimited. At the same time, the CSPs can easily maximize the use of each physical machine. This computational model is called multi-tenancy. However, multi-tenancy and public clouds have a drawback. Host systems are shared between multiple tenants with different owners, and one of them could potentially be a malicious attacker or even a competitor. Someone trying to compromise an organization's business processes or data no longer needs to break through its traditional lines of defense. The traditional network perimeter no longer exists. An organization's systems now coexist shoulder to shoulder with unknown tenants with potentially malicious intentions.
The virtualization layer adds a new attack surface, where the hypervisor and the resident VMs can be the target. The alarms have been triggered, stopping many organizations on their path to the Cloud. This research paper aims to provide an overview of the security issues that this new computational model raises. The problem will be approached starting from the general cloud computing term, through multi-tenancy, down to virtualization. The main goal is to explore and analyze the different threats that virtualization and multi-tenancy combined bring to the Cloud. More specifically, the avenues for compromising a VM or a hypervisor in a physical machine will be analyzed, and recommendations will be given on how to mitigate the risks.
Prof. Dr. G. Manoj Someswar, Hemalatha Kalaskar
Virtual machines (VM), Cloud Security Alliance (CSA), Infrastructure-as-a-Service (IaaS), Proofs-of-Concepts (PoC), Distributed Management Task Force (DMTF), European Network and Information Security Agency (ENISA)
Published in: Volume 2 | Issue 1 | January-February 2016
Cite This Article
Prof. Dr. G. Manoj Someswar, Hemalatha Kalaskar, "Design & Development of a Computational Model using Virtualization and Multi-tenancy Technologies for Cloud Computing Architecture", International Journal of Scientific Research in Science, Engineering and Technology (IJSRSET), Print ISSN: 2395-1990, Online ISSN: 2394-4099, Volume 2, Issue 1, pp. 369-381, January-February 2016.
URL : http://ijsrset.com/IJSRSET162182.php