67 research outputs found

    Secure Cloud Connectivity for Scientific Applications

    Cloud computing improves utilization and flexibility in allocating computing resources while reducing the infrastructural costs. However, in many cases cloud technology is still proprietary and tainted by security issues rooted in the multi-user and hybrid cloud environment. A lack of secure connectivity in a hybrid cloud environment hinders the adaptation of clouds by scientific communities that require scaling-out of the local infrastructure using publicly available resources for large-scale experiments. In this article, we present a case study of the DII-HEP secure cloud infrastructure and propose an approach to securely scale-out a private cloud deployment to public clouds in order to support hybrid cloud scenarios. A challenge in such scenarios is that cloud vendors may offer varying and possibly incompatible ways to isolate and interconnect virtual machines located in different cloud networks. Our approach is tenant driven in the sense that the tenant provides its connectivity mechanism. We provide a qualitative and quantitative analysis of a number of alternatives to solve this problem. We have chosen one of the standardized alternatives, Host Identity Protocol, for further experimentation in a production system because it supports legacy applications in a topologically-independent and secure way. Peer reviewed

    Technical Report on Deploying a highly secured OpenStack Cloud Infrastructure using BradStack as a Case Study

    Cloud computing has emerged as a popular paradigm and an attractive model for providing a reliable distributed computing model. It is increasingly attracting huge attention both in academic research and industrial initiatives. Cloud deployments are paramount for institutions and organizations of all scales. The availability of a flexible, free open source cloud platform designed with no proprietary software and the ability of its integration with legacy systems and third-party applications are fundamental. OpenStack is a free and open-source software released under the terms of the Apache license with a fragmented and distributed architecture making it highly flexible. This project was initiated and aimed at designing a secured cloud infrastructure called BradStack, which is built on OpenStack in the Computing Laboratory at the University of Bradford. In this report, we present and discuss the steps required in deploying a secured BradStack multi-node cloud infrastructure and conducting penetration testing on OpenStack services to validate the effectiveness of the security controls on the BradStack platform. This report serves as a practical guideline, focusing on security and practical infrastructure related issues. It also serves as a reference for institutions looking at the possibilities of implementing a secured cloud solution. Comment: 38 pages, 19 figures

    Selected aspects of security mechanisms for cloud computing – current solutions and development perspectives

    The security aspects of cloud computing, especially the security of data, become more and more important. It is necessary to find and develop new mechanisms to secure the cloud. The problem presented in the paper concerns the mechanisms for security of cloud computing with special attention paid to aspects of access control in clouds – the state of the art and the perspectives for the future.

    Secure cloud computing infrastructure for K-12 education

    With cloud computing becoming more and more popular among businesses, there is a higher demand for security in the cloud. K-12 school systems have a lack of IT resources and support to securely store and share data, thus making cloud services an attractive option. Additionally, there is increasing pressure on school systems to provide information for students and parents that require access to the information stored on school networks. Therefore, cloud services are a viable option for K-12 school systems to alleviate the administrative overhead and to provide access to necessary information for students and parents. This applied research project is an experimental design for addressing the issues that the K-12 school systems face. The secure cloud project consisted of four databases and three nodes. The databases were Keystone, Glance, Nova, and Neutron. First, the Keystone database handled the identity service. The second database was the image client, Glance. Images were launched through this database following a correct authentication token. The third database was Nova. Nova handled all the compute services for the controller and compute node. Fourth was the Neutron database service, which handled all the networking agents that traveled through all three nodes. There were three nodes: a compute node, a controller node, and a networking node to run the cloud. The controller node is the first to be used by verifying identity of the user. It then travels through the management network to the compute node that operates the virtualized network. Traffic between will be monitored by the network node to assign DHCP to each session. Future work on the secure cloud includes a security node to filter through the traffic to alert when an issue arises, and another server to allow for more space to be allocated for virtual machines. These improvements will enhance performance by segmenting information on a different secure network.
© American Society for Engineering Education, 2017

    Privacy in cloud computing

    Master's thesis in Information Security, presented to the Universidade de Lisboa, through the Faculdade de Ciências, 2010. The cloud computing paradigm is progressively becoming part of information technology and is also seen by many as the next big shift in the computing industry. Its integration means major changes in how we look at the security of data belonging to companies that decide to entrust confidential information to cloud service providers. This change implies a very high level of trust in the service provider. By moving to the cloud, a company hands control over its data to the service provider, because the data will run on hardware that is owned by the provider and over which the company has no control. This fact will weigh heavily on the decision to move to the cloud for companies that handle sensitive information (e.g., medical or financial information). In this work we set out to demonstrate how a malicious administrator, with access to the provider's hardware, can violate the privacy of the data that the cloud user entrusted to the provider of those services. Our objective is a detailed analysis of attack strategies that could help a malicious administrator break the privacy of cloud clients, as well as the effectiveness shown against those same attacks by protection mechanisms already proposed for the cloud. We intend this work to alert the scientific community to the seriousness of the security problems that currently exist in the cloud and, at the same time, to serve as motivation for swift action by that community to find solutions to these problems. The paradigm of cloud computing is progressively integrating itself in the Information Technology industry and it is also seen by many experts as the next big shift in this industry. This integration implies considerable alterations in the security schemes used to ensure that the privacy of confidential information that companies entrust to the cloud provider is kept. It also means that the level of trust in the cloud provider must be considerably high. When moving to the cloud, a company relinquishes control over its data to the cloud provider. This happens because, when operating in the cloud, the data is going to execute on top of the hardware owned by the cloud provider and, in this scenario, the client has no control over that hardware. Companies that deal with sensitive data (e.g., medical or financial records) have to weigh the importance of this problem when considering moving their data to the cloud. In this work, we provide a demonstration of how a malicious administrator, with access to the hardware of the cloud provider, is capable of violating the privacy of the data entrusted to the cloud provider by his clients. Our objective is to offer a detailed analysis of attack strategies that can be used by a malicious administrator to break the privacy of cloud clients, as well as the level of efficacy demonstrated by some protection mechanisms that have already been proposed for the cloud. We also hope that this work is capable of capturing the attention of the research community to the security problems existent in the cloud and that, at the same time, it works as a motivation factor for a prompt action in order to find solutions for these problems.

    Cloud Computing Security: A Survey

    Today, the world of Internet and Information technology, which is turned into a crucial part of human life, is growing rapidly. In this direction, the needs of societies' members including: information security, fast processing, immediate & dynamic access and the most important one, cost saving have been taken into consideration. Security issues used to be the main challenge of the systems' users constantly. A crucial achievement, by which users' data are accessed broadly & comprehensively, is cloud computing and storage in clouds, but this requires establishing data security in a very reliable environment. Cloud based computing, as a new generation of computing infrastructure, was created to reduce the costs of hardware & software resource management and its success is due to its efficacy, flexibility and its security in comparison to other computing approaches. Supporting security of stored data is one of the difficulties and issues discussed in cloud computing field. Our goal is to understand present challenges and solutions in cloud based environment; furthermore, we investigate present algorithms, in terms of application's speed both in cloud based environment and local networks.