1,283 research outputs found
Technical Report on Deploying a highly secured OpenStack Cloud Infrastructure using BradStack as a Case Study
Cloud computing has emerged as a popular paradigm and an attractive model for
providing a reliable distributed computing model.it is increasing attracting
huge attention both in academic research and industrial initiatives. Cloud
deployments are paramount for institution and organizations of all scales. The
availability of a flexible, free open source cloud platform designed with no
propriety software and the ability of its integration with legacy systems and
third-party applications are fundamental. Open stack is a free and opensource
software released under the terms of Apache license with a fragmented and
distributed architecture making it highly flexible. This project was initiated
and aimed at designing a secured cloud infrastructure called BradStack, which
is built on OpenStack in the Computing Laboratory at the University of
Bradford. In this report, we present and discuss the steps required in
deploying a secured BradStack Multi-node cloud infrastructure and conducting
Penetration testing on OpenStack Services to validate the effectiveness of the
security controls on the BradStack platform. This report serves as a practical
guideline, focusing on security and practical infrastructure related issues. It
also serves as a reference for institutions looking at the possibilities of
implementing a secured cloud solution.Comment: 38 pages, 19 figures
Infrastructure as a service: exploring network access control challenges
Cloud Computing Infrastructure as a Service (IaaS) is a great model for outsourcing IT infrastructure. It is built to offer fascinating features to support business development, such as elasticity, multi-tenancy, configurability and dynamicity.
However, IaaS faces security challenges on account of its flexible nature. For this article, we studied the IaaS characteristics and investigated their related security challenges. We then elaborated these security challenges by exploring the security threats on live virtual machine migration as it is one of the main IaaS operations. We found that proper access control techniques and models are a critical element in enhancing IaaS and mitigating the identified security threats. Therefore, we investigated and contrasted the implemented and the proposed firewall architectures in IaaS as a firewall is a basic security appliance that enforces access control.
We also explored and contrasted the proposed access control models in the IaaS. It was found that the traditional firewalls and access control models were not sufficient for IaaS. Therefore, there is a need to develop a proper access control model and
enforcement techniques to mitigate IaaS security threats. Based on the security research trend and the results obtained in this articles exploration, we endorse an IaaS access control system built on a computational intelligent approach
Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems
Computer networks are undergoing a phenomenal growth, driven by the rapidly
increasing number of nodes constituting the networks. At the same time, the
number of security threats on Internet and intranet networks is constantly
growing, and the testing and experimentation of cyber defense solutions
requires the availability of separate, test environments that best emulate the
complexity of a real system. Such environments support the deployment and
monitoring of complex mission-driven network scenarios, thus enabling the study
of cyber defense strategies under real and controllable traffic and attack
scenarios. In this paper, we propose a methodology that makes use of a
combination of techniques of network and security assessment, and the use of
cloud technologies to build an emulation environment with adjustable degree of
affinity with respect to actual reference networks or planned systems. As a
byproduct, starting from a specific study case, we collected a dataset
consisting of complete network traces comprising benign and malicious traffic,
which is feature-rich and publicly available
Exploring the firewall security consistency in cloud computing during live migration
Virtualization technology adds great opportunities and challenges to the cloud computing paradigm. Resource management
can be efficiently enhanced by employing Live Virtual Machine Migration (LVMM) techniques. Based on the literature
of LVMM implementation in the virtualization environment, middle-boxes such as firewalls do not work effectively after LVMM as it introduces dynamic changes in network status and traffic, which may lead to critical security vulnerabilities. One key security hole is that the security context of the firewall do not move with the Virtual Machine
after LVMM is triggered. This leads to inconsistency in the firewall level of protection of the migrated Virtual Machine.
There is a lack in the literature of practical studies that address this problem in cloud computing platform. This paper demonstrates a practical analysis using OpenStack testbed to study the firewalls limitations in protecting virtual machines after LVMM. Two network scenarios are used
to evaluate this problem. The results show that the security context problem does not exist in the stateless firewall but can exist in the stateful firewall
Improving Security in Software-as-a-Service Solutions
The essence of cloud computing is about moving workloads from your local IT infrastructure to a data center that scales and provides resources at a moments notice. Using a pay-as-you-go model to rent virtual infrastructure is also known as a Infrastructure-as-a-Service (IaaS) offering. This helps consumers provision hardware on-demand without the need for physical infrastructure and the challenges and costs that come with it. When moving to the cloud, however, issues regarding the confidentiality, integrity, and availability of the data and infrastructure arise, and new security challenges compared to traditional on-premises computing appear. It is important for the consumer to know exactly what is their responsibility when it comes to securing software running on IaaS platforms. Axis has one such software solution, henceforth referred to as the 'Axis-hosted cloud service'. There is a need for Axis to improve the client-cloud communication, and in this report, we detail a prototype solution for a new secure communication between client and cloud. Additionally, an evaluation of the prototype is presented. The evaluation is based on a model constructed by studying literature from state-of-the-art cloud service providers and organizations dedicated to defining best practices and critical areas of focus for cloud computing. This was collected and compiled in order to present a summary of the most important aspects to keep in mind when deploying software on an IaaS. It showed that the cloud service fulfills many industry best-practices, such as encrypting data in transit between client and cloud, using virtual private clouds to separate infrastructure credentials from unauthorized access, and following the guidelines from their infrastructure provider. It also showed areas where there was a need for improvement in order to reach a state-of-the-art level. The model proved to be a useful tool to ensure that security best practices are being met by an organization moving to the cloud, and specifically for Axis, the prototype communication solution can be used as a base for further development
Identity management in a public IaaS Cloud
In this thesis the unique environment that is the public IaaS cloud along with its differences from a traditional data center environment has been considered. The Cloud Security Alliance (CSA), states that “Managing identities and access control for enterprise applications remains one of the greatest challenges facing IT today”. The CSA also points out that “there is a lack of consistent secure methods for extending identity management into the cloud and across the cloud” [1]. This thesis examines this challenge of managing identities in the cloud by developing a list of best practices for implementing identity management in the cloud. These best practices were then tested by simulated misuse cases which were tested in a prototype of the implementation strategy. The results and analysis of the misuse cases show that the implementation of the identity management solution solves the problem of managing identities for the control of the infrastructure in the cloud. However, the analysis also shows that there are still areas where the properly implemented identity management solution fails to mitigate attacks to the infrastructure. These failures in particular are attacks that are sourced from the subscriber environments in the cloud. Finally, the best practices from this thesis also present some consistent methods for extending identity management into the cloud
Concepts of Cloud Computing and Protection of Data in Cloud Computing
The internet has changed the world in a strong way.it has traveled from the concept of parallel computing to distributed computing to grid computing and recently to cloud computing. Cloud computing is a recent trend in Information Technology that moves computing and data away from desktop and portable personal computers into large data center. The main advantage of cloud computing is the user cannot pay for infrastructure, its installation, required man power to handle such infrastructure and maintenance. Cloud computing technology is collecting success stories of savings, ease of use, ease of access and increased flexibility in controlling how resources are used at any given time to deliver computing capability. Cloud providers who can demonstrate that they protect personal information may be more truthful and therefore more attractive to potential Cloud users. The cloud service can be implemented in three different service models, such as Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS). Data security and privacy protection issues are relevant to both hardware and software in the cloud architecture. This study is to review the concepts of cloud computing and different security techniques and protecting data in the cloud. Keywords: Cloud computing, Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS). DOI: 10.7176/CEIS/10-4-01 Publication date:May 31st 201
IaaS-cloud security enhancement: an intelligent attribute-based access control model and implementation
The cloud computing paradigm introduces an efficient utilisation of huge computing
resources by multiple users with minimal expense and deployment effort
compared to traditional computing facilities. Although cloud computing has incredible
benefits, some governments and enterprises remain hesitant to transfer
their computing technology to the cloud as a consequence of the associated security
challenges. Security is, therefore, a significant factor in cloud computing
adoption. Cloud services consist of three layers: Software as a Service (SaaS), Platform
as a Service (PaaS), and Infrastructure as a Service (IaaS). Cloud computing
services are accessed through network connections and utilised by multi-users who
can share the resources through virtualisation technology. Accordingly, an efficient
access control system is crucial to prevent unauthorised access.
This thesis mainly investigates the IaaS security enhancement from an access
control point of view. [Continues.
- …