A Framework to Secure the Virtual Machine Image in Cloud Computing
Raid Khalid Hussein, Ahmed Alenezi, Gary B. Wills and Robert J. Walters
Electronics and Computer Science
University of Southampton
Southampton, UK
{rkh2n14, aa4e15, gbw, rjw1}@soton.ac.uk
Abstract: Cloud computing, which uses outsourcing and remote
processing of applications, first appeared about ten years ago.
Cloud computing is built on research in virtualization, distributed
computing, utility computing, and web services. It reduces the
information technology overhead for starting a new business and
it can be accessed from anywhere. One of the concepts used for
constructing cloud computing is virtualization, which has its own
security risks, but they are not specific to the cloud. The key
drawback to adopting cloud computing is security since clients
use someone else’s CPU and hard disk for processing and storing
data. This paper proposes a security framework to secure Virtual
Machine Images in a virtualization layer in the cloud
environment. Securing the virtual machine image is significant as
it will most probably affect the security of cloud computing.
Keywords: cloud computing, information security,
virtualization, multi-tenancy, resource sharing.
I. INTRODUCTION
Cloud computing adoption is growing tremendously; it
presents a computing paradigm for the 21st century. It is a
computer technology and a set of internet-based enterprise
applications that resulted from the increase in network
bandwidth, thus today’s users benefit from high quality
services for data and for application software. Cloud
computing is scalable and uses virtualization to share
resources. Cloud consumers use a resource pool that includes a
large volume of computing resources for distributing
computing missions that require significant processing power.
Internet users are able to reserve storage space online to save
their data and are capable of acquiring computing resources to
process their information according to their needs [1].
There are many security issues in cloud computing which are
related to virtualization, database, resource scheduling, load
balancing and networks [2]. Many organizations feel that it is
dangerous to move their sensitive data to centralized data
centers, since management of the datacenter might not be
trustworthy [3]. Moving databases to a data center involves
many security challenges such as virtualization vulnerability,
access control issues, integrity and confidentiality [4].
Virtualization is a key component of cloud computing; it
reduces the cost of hardware and the cost of energy saving
techniques [5]. Three types of virtualization are used:
operating system level virtualization, application level
virtualization, and Virtual Machine Monitor or hypervisor
level virtualization [6]. When two different instances run on
the same physical machine, this might affect the data security
as virtualization is not completely isolated. In addition, Virtual
Machine Monitor or hypervisor (VMM) does not offer
complete control over the host and its operating system (OS)
[7].
One of the features of cloud computing is multi-tenancy.
Multi-tenancy is considered one of the most beneficial features
of cloud computing, but it is a threat to security as it shares the
infrastructure resources among different customers [8]. There
is no absolute separation in the hardware layer in cloud
computing, so data leakage might occur. Data leakage refers to
the viewing or stealing of confidential or sensitive data by an
unauthorized person [9].
This paper proposes a framework of security requirements to
secure shared virtual machine (VM) images in cloud
computing. The next sections are organized as follows.
Section II describes the security issues at different layers in
cloud computing. Section III describes the proposed security
framework to secure the shared VM image in cloud
computing. Finally, the paper concludes in section IV.
II. CLOUD SECURITY ISSUES
According to the National Institute of Standards and
Technology (NIST), security is the main obstacle delaying the
adoption of cloud computing [10]. Cloud computing has some
vulnerabilities that might affect the core principles of
information security. Vulnerability in cloud computing refers
to weaknesses in the system that might be exploited by an
attacker to obtain unauthorized access to the resources. A
threat refers to potential abuse by an attacker to obtain
unlawful access to the resources [11]. Security issues in
different layers in cloud computing are summarized by [6] as
shown in Figure 1:
Application level issues
Network level issues
Data storage level issues
Virtualization level issues
Authentication and access control level security issues
Trust level security issues
2016 IEEE International Conference on Smart Cloud
978-1-5090-5263-9/16 $31.00 © 2016 IEEE
DOI 10.1109/SmartCloud.2016.19
Figure 1 Security issues in Cloud Computing
A. Virtualization (Multi-tenancy)
Virtualization has a crucial role in cloud computing as it
helps the IT industries lower the cost and improve the
performance of their applications [12]. Virtualization means “a
way of making a physical computer function as if it were two
or more computers where each non-physical or virtualized
computer is provided with the same basic architecture as that
of a generic physical computer. Virtualization technology
therefore allows the installation of an OS on hardware that
does not really exist.” [13]. In virtualization, the resources can
be joint or split across multiple environments. These
environments are called VM. The VM hosts the guest OS [14].
A VMM is one of the virtualization components that permits the
guest OS to be hosted on the host computer [12].
Multi-tenancy is a useful feature in cloud computing.
Multi-tenancy is defined as “a property of a system where
multiple customers, so-called tenants, transparently share the
system’s resources, such as services, applications, databases,
or hardware, with the aim of lowering costs, while still being
able to exclusively configure the system to the needs of the
tenant” [15]. There are two kinds of multi-tenancy: the
multiple instance and native multi-tenancy. In multiple
instance tenancy, each tenant is served by a dedicated
application instance from a shared OS, hardware, and
middleware server in a hosted environment. In native
multi-tenancy, one instance of a program can serve several
tenants over many hosting resources. In the SaaS model,
multi-tenancy can be applied to four different software layers:
application layer, middleware layer, the virtual layer, and the
OS layer [16].
In spite of multi-tenancy bringing significant benefits to
cloud computing, since it reduces cost and saves energy,
security experts see multi-tenancy as vulnerable as it affects
confidentiality [17]. Eliminating the virtualization layer will
avoid the security hazards caused by multi-tenancy but this
would exclude vital features like VM Mobility [18]. VM
Mobility is very beneficial for cloud service providers and it is
very helpful in saving energy. However, multi-tenancy
problems cannot be mitigated by traditional security
techniques in the case when both attacker and victim are on
the same physical machine, as shown in Figure 2. To secure
against this vulnerability, it is important to understand how the
attack is performed.
Firstly, a target VM is identified by the network probing
mechanism. A network probing mechanism is used to find the
physical topology of the network that contains the servers
connected to it and the IPs, which are used to recognize the
victim. Secondly, by taking the advantage of multi-tenancy,
the attacking VM is allocated close to the target VM using a
brute force attack. The brute force attack is a mechanism used
to run an attack operation multiple times until a breach is
achieved. Finally, based on the information gathered from the
network probing, the side channel attack is generated to
extract the data from the victim [17].
In virtualized (multi-tenancy) environment, each user is
allocated a VM that hosts a guest OS. VMs that belong to
different users can share the same physical resources through
resource pooling. VMM is used to control the VMs and allow
the many OS to run on the same physical hardware [19]. The
virtualized (multi-tenancy) environment has introduced
security issues, for instance VM isolation. VM isolation is the
concept that VMs running on the same physical hardware need
to be isolated from each other.
Figure 2 Multi-tenancy security issues
Figure 1 contents: Application level issues; Network level issues; Data storage level issues; Authentication and access control level issues; Trust level issues; Virtualization level issues (VM isolation, VM rollback, VM escape, VM migration, VM sprawl, VM image sharing).
Moreover, VM migration happens due to load balancing,
maintenance and fault tolerance. The migrated VM can be
compromised by an attacker and relocated to an infected
VMM or compromised server [20]. Furthermore, VM rollback
occurs, when a VM can be rolled back to a previous state
when necessary. This facility provides flexibility to the user
but it raises security problems. It might also render the VM
prone to a vulnerability that has already been solved
previously [11].
In addition, a VM may escape from the control of the VMM. If
the VM escapes, it can provide the attacker with the ability to
access other VMs on the same hardware, or it might bring the
VMM down [21]. VM sprawl happens when the
number of VMs on the host system keeps increasing and most of
them are in the idle state. This situation leads to wasting the
resources of the host machine on a large scale [22].
Finally, VM image sharing occurs when a client can use
a VM image from the repository or can create his/her own
VM image. A malicious user can upload an infected image
that contains malware to be used by other users. An infected
VM image can be used to monitor the users’ data and
activities [19].
B. Related work
The security issues related to virtualization in cloud
computing are VM isolation, VM migration, VM rollback,
VM escape, VM sprawl, and VM image sharing. VM image
sharing is one of the most common threats to cloud security as
it is the initial state for the VMs [19]. Confidentiality and
integrity need to be considered for securing the VM image, as
unauthorized access and a malicious image allows an attacker
to modify, delete, change the administrator password, or create
a malicious VM image. There is also the risk of non
compliance, which is running unlicensed software or expired
licensed software [6].
Many studies have been conducted on secure sharing of
VM images. An image management system (IMS) was
designed to secure the VM image [23]. This system could
fulfil four security controls: access control, outdated software
detection, leftover owner’s data removal, and malware
protection. The study did not satisfy other security
requirements like privacy and integrity. Kazim, Masood and
Shibli [24] suggested EVDIC to secure the VM image. Their
idea is to encrypt the VM image whenever it terminates. This
method could achieve privacy, integrity, and access control
security. However, EVDIC did not cover outdated software
detection and leftover owner’s data removal, which are
essential to secure the VM image. A technique to check for
software update to the VM image was demonstrated by both
[25] and [26]. These approaches could check for the software
updates in the VM image but these techniques do not take into
consideration all of the security controls. A study [27]
proposed OPS-offline, which could identify and update the
VM image, but could not satisfy other security controls such
as privacy, integrity, access control and leftover owner’s data
removal. From all these studies, it can be seen that no single
study considers all the security controls needed to secure the VM
image. Therefore, a technique is required that will secure
sharing of the VM image.
III. RESEARCH METHODOLOGY
It was found that sharing the VM image can cause security
problems as it is a template used to initialize a new VM [6]. If
the VM image is not secure, it will affect the security of the
cloud computing. This paper proposes a framework for
securing the VM image in the virtualization level in the cloud.
A. Framework construction
A research plan is proposed to resolve the VM image
security issue with a framework. The framework is divided
into two stages, as shown in Figure 3.
Figure 3 Framework Development Process
1) Identifying security controls (Stage one)
Security controls to secure sharing of VM images in cloud
computing are identified and gathered. They are: Privacy,
Integrity, Access control, outdated software detection, Leftover
data removal, and Malware protection. No study
comprehensively covered all the security requirements [19],
and these controls did not take into consideration the views of
industry. Therefore, security controls from industry need to be
collected from specialized organizations like Cloud Security
Alliance (CSA) and National Institute of Standard and
Technology (NIST).
Figure 3 contents: Industry standard security controls; Academic literature review security controls; Investigate and identify security controls; Remove duplicates, analyze security controls and remove semantics; Conceptual framework.
The CSA is a non-profit organization that promotes awareness
of the need to ensure protection of the cloud computing
environment. CSA uses the experience of industry, government
and association employees to offer cloud security education,
certification, and products [7]. The CSA has published a cloud
controls matrix (CCM), which provides customers and the
vendors with a table of fundamental security principles to help
in assessing the overall security risk of cloud providers. CCM
explains in detail the principles and security concepts for 13
domains in cloud security. The CCM includes all the controls
from other industry-accepted security standards like NIST, ISO
27001/27002, ISACA, PCI, Jericho Forum, and NERC CIP.
Stage one in Figure 3 illustrates the collection of security
controls from industry and academia.
Figure 4 shows a list of security controls from CCM regarding
the virtualization security level in cloud computing.
Figure 4 Security Controls from CCM [28]
2) Framework construction (Stage two)
In stage two in Figure 3, security controls from the
academic literature are compared with security controls
collected from industry standards to remove the duplicates. The
resulting list is shown in Figure 5. The security controls need to
be analyzed for semantically similar concepts or principles
related to each other or that have the same meaning. In this
case, access control and authorization are related to each other
so that access control is replaced with authorization [29]. As a
result, an initial framework (Conceptual) of 13 security
controls is proposed as shown in Figure 6.
The security controls are described below.
Privacy: as used in information technology, deals with
the ability to determine which data may be shared. This
aspect is achieved by encryption and authentication
[30].
Availability means the information has to be available
when it is needed. Systems with high availability allow
access to the data all the time and prevent service
disruptions due to hardware failure, system upgrades,
power outages, power failure, operating system or
application problems [31].
Integrity means the information remains unaltered
while it is stored or being transmitted, but it can be
modified and deleted by authorized people only [32].
Trust: An aim to accept vulnerability based on the
favourable intentions or behaviour of another person
or party [33].
Leftover owner’s data removal: A technique used to
remove authentication details and private data from
the VM image [23].
Figure 5 Combined list of security controls
Security controls from academic literature: Privacy, Integrity, Access control, Outdated software detection, Leftover data removal, Malware protection.
Security controls from industry standards: Authentication, Accountability, Auditing, Regulatory compliance, Trust, Availability, Encryption.
After removing duplicates: Privacy, Leftover data removal, Encryption, Availability, Malware protection, Regulatory compliance, Integrity, Outdated software detection, Accountability, Trust, Authentication, Auditing, Access control.
Malware protection: A technique used to remove
malware and pirated software from the VM image
[27].
Outdated software detection: The check that software
in the VM image is updated or not [19].
Authentication: The process of identifying the
customer as one authorized to use the cloud service.
This is achieved by comparing the file of authorized
users’ information in the database with credentials
provided by the user [34].
Authorization: This refers to the process performed by
an administrator to grant access to the customer of a
service by checking the customer’s rights and which
resources they can use [35].
Encryption: A technique used to secure shared data in
a shared environment. In information systems,
encryption is achieved by converting the data to a
form that can be understood by authorized people
[36].
Regulatory compliance: Conformity to rules like
policy, law, and specifications relevant to the business
while an organization is working on the goal they
wish to achieve [37].
Accountability: A measure of the amount of
information an authorized customer is using during his
session. This includes the quantity of data and time
which is used to set authorization control [37].
Auditing: The measure of information system security
that meets a set of established criteria. Audit is the
systematic security assessment of the information
related to an organization and how much it conforms
to a set of criteria [4].
Figure 6 Initial Framework for Securing the Shared VM Image
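As an added illustration (not code from the paper), the following admission check shows how three of the framework's controls, integrity, leftover owner's data removal and outdated software detection, can be enforced before an image is published in a shared repository. The image is modelled as an in-memory mapping of paths to bytes, and the leftover-data path list and minimum package versions are assumptions for the example.

```python
"""Admission checks for a VM image offered to a shared image repository.

Constructed example (not code from the paper) exercising three of the
framework's controls before an image is published for other tenants:
integrity (the image matches the publisher's manifest digest), leftover
owner's data removal (no credentials, shell history or logs remain) and
outdated software detection (installed packages meet a minimum version).
The image is modelled as an in-memory mapping of file paths to bytes so
the checks run offline; a real check would walk a mounted image instead.
"""
import hashlib
import hmac
import re
from typing import Dict, List, Tuple

# Paths that commonly carry the previous owner's secrets or activity.
# Assumed for the example; a production list would be far longer.
LEFTOVER_PATTERNS = [
    re.compile(r"^(root|home/[^/]+)/\.ssh/(authorized_keys|id_[a-z0-9]+)$"),
    re.compile(r"^(root|home/[^/]+)/\.(bash|zsh)_history$"),
    re.compile(r"^(root|home/[^/]+)/\.aws/credentials$"),
    re.compile(r"^var/log/.+\.log$"),
]


def image_digest(files: Dict[str, bytes]) -> str:
    """SHA-256 over path and content in sorted path order, so it is deterministic."""
    h = hashlib.sha256()
    for path in sorted(files):
        h.update(path.encode() + b"\0" + files[path] + b"\0")
    return h.hexdigest()


def integrity_ok(files: Dict[str, bytes], manifest_digest: str) -> bool:
    """Integrity control: the stored image must match the published digest."""
    return hmac.compare_digest(image_digest(files), manifest_digest)


def leftover_data_findings(files: Dict[str, bytes]) -> List[str]:
    """Leftover owner's data control: flag credential, history and log files,
    plus any /etc/shadow account whose password field is not locked."""
    findings = [p for p in files if any(r.match(p) for r in LEFTOVER_PATTERNS)]
    shadow = files.get("etc/shadow", b"").decode(errors="replace")
    for line in shadow.splitlines():
        fields = line.split(":")
        # A hash field starting with "!" or "*" is locked; anything else,
        # including an empty field, leaves the account usable.
        if len(fields) > 1 and not fields[1].startswith(("!", "*")):
            findings.append(f"etc/shadow: account '{fields[0]}' is not locked")
    return findings


def parse_version(v: str) -> Tuple:
    """Split '1.1.1k' into comparable parts; numbers sort before letters."""
    parts = re.findall(r"\d+|[a-z]+", v.lower())
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def outdated_packages(installed: Dict[str, str], minimum: Dict[str, str]) -> List[str]:
    """Outdated software control: installed packages below the required minimum."""
    return sorted(name for name, floor in minimum.items()
                  if name in installed
                  and parse_version(installed[name]) < parse_version(floor))


def admit_image(files, manifest_digest, installed, minimum) -> Tuple[bool, List[str]]:
    """Run all checks; the image is admitted only when nothing is reported."""
    reasons = []
    if not integrity_ok(files, manifest_digest):
        reasons.append("integrity: digest does not match the manifest")
    reasons += [f"leftover data: {f}" for f in leftover_data_findings(files)]
    reasons += [f"outdated software: {p} {installed[p]} < {minimum[p]}"
                for p in outdated_packages(installed, minimum)]
    return (not reasons, reasons)


# Constructed sample data: a clean published image, and a copy that a tenant
# customised and re-uploaded without cleaning it.
CLEAN_IMAGE = {
    "etc/shadow": b"root:!:19000:0:99999:7:::\nubuntu:*:19000:0:99999:7:::\n",
    "etc/os-release": b'ID=ubuntu\nVERSION_ID="20.04"\n',
}
PUBLISHED_DIGEST = image_digest(CLEAN_IMAGE)   # value recorded in the manifest

DIRTY_IMAGE = dict(CLEAN_IMAGE)
DIRTY_IMAGE["root/.ssh/authorized_keys"] = b"ssh-ed25519 AAAAexamplekey owner@laptop\n"
DIRTY_IMAGE["home/dev/.bash_history"] = b"mysql -u root -pExamplePassword\n"
DIRTY_IMAGE["etc/shadow"] = (b"root:$6$examplesalt$examplehash:19000:0:99999:7:::\n"
                             b"ubuntu:*:19000:0:99999:7:::\n")

INSTALLED = {"openssl": "1.1.1f", "sudo": "1.8.31"}   # as found in the image
MINIMUM = {"openssl": "1.1.1k", "sudo": "1.8.31"}     # repository policy

if __name__ == "__main__":
    for name, image, pkgs in (("clean", CLEAN_IMAGE, MINIMUM), ("dirty", DIRTY_IMAGE, INSTALLED)):
        admitted, reasons = admit_image(image, PUBLISHED_DIGEST, pkgs, MINIMUM)
        print(f"{name}: {'admitted' if admitted else 'rejected'}", *reasons, sep="\n  ")
```

The malware protection control is deliberately left out; it needs a scanner, not a policy check, and would be wired in as one more reason-producing step in admit_image.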
IV. CONCLUSION
Cloud computing is a new processing paradigm that
increases efficiency, reduces cost, provides on-demand access
to a shared pool of resources and services, provided with
minimum management effort. Security is the main impediment
to adopting cloud computing, as the end-user data are stored on
the service provider’s server. Security problems have been
discussed, based on the cloud layers, since each layer has its
own problems. Issues in the virtualization layer are among the
main challenges, since they affect the security of the data storage
layer and the application layer.
Multi-tenancy introduces issues in the virtualization layer and
these problems affect the VMs, the VMM and the OS. The VM
image is the initial state of the VM and an infected VM could
influence security. Therefore, a VM image framework is
proposed to secure the stored VM image in the repository.
REFERENCES
[1] L. Yan, C. Rong, and G. Zhao, “Strengthen cloud computing security
with federal identity management using hierarchical identity-based
cryptography,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes
Artif. Intell. Lect. Notes Bioinformatics), vol. 5931 LNCS, pp. 167–177,
2009.
[2] K. Hamlen, M. Kantarcioglu, L. Khan, and B. Thuraisingham,
“Security Issues for Cloud Computing,” Proc. - 9th Int. Conf. Comput.
Intell. Secur. CIS 2013, pp. 150–162, 2012.
[3] M. A. AlZain, E. Pardede, B. Soh, and J. A. Thom, “Cloud computing
security: From single to multi-clouds,” Proc. Annu. Hawaii Int. Conf.
Syst. Sci., pp. 5490–5499, 2011.
[4] C. Wang, Q. Wang, K. Ren, and W. Lou, “Privacy-preserving public
auditing for data storage security in cloud computing,” Proc. - IEEE
INFOCOM, 2010.
[5] T. Swathi, K. Srikanth, and S. R. Reddy, “Virtualization in Cloud
Computing,” Int. J. Comput. Sci. Mob. Comput., vol. 35, no. 5, pp.
540–546, 2014.
[6] C. Modi, D. Patel, B. Borisaniya, A. Patel, and M. Rajarajan, “A survey
on security issues and solutions at different layers of Cloud
computing,” J. Supercomput., vol. 63, no. 2, pp. 561–592, 2013.
[7] S. Subashini and V. Kavitha, “A survey on security issues in service
delivery models of cloud computing,” J. Netw. Comput. Appl., vol. 34,
no. 1, pp. 1–11, 2011.
[8] S. K. Abd, R. T. Salih, and F. Hashim, “Cloud Computing Security
Risks with Authorization Access for Secure Multi-Tenancy Based on
AAAS Protocol,” IEEE Reg. 10 Conf. TENCON, pp. 1–5, 2015.
[9] H. Aljahdali, A. Albatli, P. Garraghan, P. Townend, L. Lau, and J. Xu,
“Multi-tenancy in cloud computing,” Proc. - IEEE 8th Int. Symp. Serv.
Oriented Syst. Eng. SOSE 2014, pp. 344–351, 2014.
[10] N. Kshetri, “Privacy and security issues in cloud computing: The role
of institutions and institutional evolution,” Telecomm. Policy, vol. 37,
no. 4–5, pp. 372–386, 2013.
[11] K. Hashizume, D. Rosado, E. Fernández-Medina, and E. Fernandez,
“An analysis of security issues for cloud computing,” J. Internet Serv.
Appl., vol. 4, no. 5, pp. 1–13, 2013.
[12] F. Sabahi, “Virtualization-level security in cloud computing,” in 2011
IEEE 3rd International Conference on Communication Software and
Networks, 2011, pp. 250–254.
[13] S. Carlin, “Cloud Computing Security,” Artif. Intell., vol. 3, no. March,
pp. 14–16, 2011.
[14] R. Buyya, C. S. Yeo, S. Venugopal, J. Broberg, and I. Brandic, “Cloud
computing and emerging IT platforms: Vision, hype, and reality for
delivering computing as the 5th utility,” Futur. Gener. Comput. Syst.,
vol. 25, no. 6, p. 17, 2009.
[15] J. Kabbedijk, C.-P. Bezemer, S. Jansen, and A. Zaidman, “Defining
multi-tenancy: A systematic mapping study on the academic and the
industrial perspective,” J. Syst. Softw., vol. 100, pp. 139–148, 2015.
[16] J. Espadas, A. Molina, G. Jiménez, M. Molina, R. Ramírez, and D.
Concha, “A tenant-based resource allocation model for scaling
Software-as-a-Service applications over cloud computing
infrastructures,” Futur. Gener. Comput. Syst., vol. 29, no. 1, pp. 273–
286, 2013.
[17] H. Aljahdali, P. Townend, and J. Xu, “Enhancing multi-tenancy
security in the cloud IaaS model over public deployment,” Proc. - 2013
IEEE 7th Int. Symp. Serv. Syst. Eng. SOSE 2013, pp. 385–390, 2013.
[18] R. Wu, G.-J. Ahn, H. Hu, and M. Singhal, “Information flow control in
cloud computing,” 2010 6th Int. Conf. Collab. Comput. Networking,
Appl. Work., pp. 1–7, 2010.
[19] M. Ali, S. U. Khan, and A. V. Vasilakos, “Security in cloud computing:
Opportunities and challenges,” Inf. Sci. (Ny)., vol. 305, pp. 357–383,
2015.
[20] F. Zhang and H. Chen, “Security-Preserving Live Migration of Virtual
Machines in the Cloud,” J. Netw. Syst. Manag., pp. 562–587, 2012.
[21] W. A. Jansen, “Cloud hooks: Security and privacy issues in cloud
computing,” Proc. Annu. Hawaii Int. Conf. Syst. Sci., no. iv, p. 42,
2011.
[22] K. Sunil Rao and P. Santhi Thilagam, “Heuristics based server
consolidation with residual resource defragmentation in cloud data
centers,” Futur. Gener. Comput. Syst., vol. 50, pp. 87–98, 2015.
[23] J. Wei, X. Zhang, G. Ammons, V. Bala, and P. Ning, “Managing
security of virtual machine images in a cloud environment,” Proc. 2009
ACM Work. Cloud Comput. Secur. - CCSW ’09, no. Vm, p. 91, 2009.
[24] M. Kazim, R. Masood, and M. A. Shibli, “Securing the virtual machine
images in Cloud computing,” SIN 2013 - Proc. 6th Int. Conf. Secur. Inf.
Networks, pp. 425–428, 2013.
[25] R. Schwarzkopf, M. Schmidt, C. Strack, S. Martin, and B. Freisleben,
“Increasing virtual machine security in cloud environments,” J. Cloud
Comput. Adv. Syst. Appl., vol. 1, no. 1, p. 12, 2012.
[26] D. Jeswani, A. Verma, P. Jayachandran, and K. Bhattacharya,
“ImageElves: Rapid and reliable system updates in the cloud,” Proc. -
Int. Conf. Distrib. Comput. Syst., no. i, pp. 390–399, 2013.
[27] K. Fan, D. Mao, Z. Lu, and J. Wu, “OPS: Offline patching scheme for
the images management in a secure cloud environment,” Proc. - IEEE
10th Int. Conf. Serv. Comput. SCC 2013, pp. 587–594, 2013.
[28] Cloud Security Alliance, “Cloud Controls Matrix Working Group,”
2014. [Online]. Available:
https://cloudsecurityalliance.org/group/cloud-controls-matrix/.
[29] R. Sandhu, D. Ferraiolo, and R. Kuhn, “The NIST model for role-based
access control,” Proc. fifth ACM Work. Role-based access Control -
RBAC ’00, pp. 47–63, 2000.
[30] H. J. Smith, S. J. Milberg, and S. J. Burke, “Information Privacy:
Measuring Individuals’ Concerns about Organizational Practices,”
Manag. Inf. Syst. Q., vol. 20, no. 2, pp. 167–196, 1996.
[31] M. Zhou, R. Zhang, W. Xie, W. Qian, and A. Zhou, “Security and
privacy in cloud computing: A survey,” Proc. - 6th Int. Conf. Semant.
Knowl. Grid, SKG 2010, pp. 105–112, 2010.
[32] R. Sandhu and S. Jajodia, “Integrity principles and mechanisms in
database management systems,” Comput. Secur., vol. 10, no. 5, pp.
413–427, 1991.
[33] S. Pearson and A. Benameur, “Privacy, Security and Trust Issues
Arising from Cloud Computing,” 2010 IEEE Second Int. Conf. Cloud
Comput. Technol. Sci., pp. 693–702, 2010.
[34] H. Chang and E. Choi, “User Authentication in Cloud Computing,”
Ubiquitous Computing and Multimedia Applications,
vol. 151, pp. 338–342, 2011.
[35] D. Zissis and D. Lekkas, “Addressing cloud computing security issues,”
Futur. Gener. Comput. Syst., vol. 28, no. 3, pp. 583–592, 2012.
[36] J. N. Ortiz, “Functional Encryption: Definitions and Challenges
Introdução,” vol. 02, no. subaward 641, pp. 253–273, 2014.
[37] K. Popović and Z. Hocenski, “Cloud computing security issues and
challenges,” no. March, pp. 344–349, 2010.
[38] V. Sekar and P. Maniatis, “Verifiable resource accounting for cloud
computing services,” Proc. 3rd ACM Work. Cloud Comput. Secur.
Work., pp. 21–26, 2011.
... Surfers of the Web can easily earmark online storage space, which they can then use to safely store their data; indeed, they can also gain access to IT resources which they can employ to manage and sort their information according to their requirements. This paper builds on work which was originally presented at the IEEE International Conference on Smart Cloud 2016 [1]. ...
... Previous studies have put forth a security framework which can be used to protect the Virtual Machine (VM) image in cloud computing [1]. The present paper details exactly how the conceptual framework has been confirmed through interviews with experts in the field of cloud security. ...
... This section describes the research methodology which was used to confirm the framework and identify additional requirements which are necessary in order to secure cloud computing VM images, as shown in [1]. The initial framework, shown in Figure 2, was derived from the literature review. ...
Article
Full-text available
The concept of cloud computing has arisen thanks to academic work in the fields of utility computing, distributed computing, virtualisation, and web services. By using cloud computing, which can be accessed from anywhere, newly-launched businesses can minimise their start-up costs. Among the most important notions when it comes to the construction of cloud computing is virtualisation. While this concept brings its own security risks, these risks are not necessarily related to the cloud. The main disadvantage of using cloud computing is linked to safety and security. This is because anybody which chooses to employ cloud computing will use someone else's hard disk and CPU in order to sort and store data. In cloud environments, a great deal of importance is placed on guaranteeing that the virtual machine image is safe and secure. Indeed, a previous study has put forth a framework with which to protect the virtual machine image in cloud computing. As such, the present study is primarily concerned with confirming this theoretical framework so as to ultimately secure the virtual machine image in cloud computing. This will be achieved by carrying out interviews with experts in the field of cloud security.
... Surfers of the Web can easily earmark online storage space, which they can then use to safely store their data; indeed, they can also gain access to IT resources which they can employ to manage and sort their information according to their requirements. This paper builds on work which was originally presented at the IEEE International Conference on Smart Cloud 2016 [1]. ...
... Previous studies have put forth a security framework which can be used to protect the Virtual Machine (VM) image in cloud computing [1]. The present paper details exactly how the conceptual framework has been confirmed through interviews with experts in the field of cloud security. ...
... This section describes the research methodology which was used to confirm the framework and identify additional requirements which are necessary in order to secure cloud computing VM images, as shown in [1]. The initial framework, shown in Figure 2, was derived from the literature review. ...
Article
Full-text available
The concept of cloud computing has arisen thanks to academic work in the fields of utility computing, distributed computing, virtualisation, and web services. By using cloud computing, which can be accessed from anywhere, newly-launched businesses can minimise their start-up costs. Among the most important notions when it comes to the construction of cloud computing is virtualisation. While this concept brings its own security risks, these risks are not necessarily related to the cloud. The main disadvantage of using cloud computing is linked to safety and security. This is because anybody which chooses to employ cloud computing will use someone else's hard disk and CPU in order to sort and store data. In cloud environments, a great deal of importance is placed on guaranteeing that the virtual machine image is safe and secure. Indeed, a previous study has put forth a framework with which to protect the virtual machine image in cloud computing. As such, the present study is primarily concerned with confirming this theoretical framework so as to ultimately secure the virtual machine image in cloud computing. This will be achieved by carrying out interviews with experts in the field of cloud security.
... A security framework that tried to protect the Virtual Machine Images (VMI) in a cloud platform was devised by Hussein, Alenezi, Wills and Walters in (Hussein et al., 2016). The paper formulated a research path following which VMI security could be strengthened. ...
... A security framework that tried to protect the Virtual Machine Images (VMI) in a cloud platform was devised by Hussein, Alenezi, Wills and Walters in (Hussein et al., 2016). The paper formulated a research path following which VMI security could be strengthened. ...
... The VMI may include operating system like windows, Linux or Fedora and might contains other resources like applications that are created by organization such as database management system or application server [1]. There are some security issues associated with VMI in cloud computing that has harmful impact on the security of the cloud and might affect confidentiality, integrity or availability [2]. Threat modelling is conducted to identify security threats and draw possible routes threats might follow to attack the VMI. ...
... • dynamically provides infrastructure, platform, and software resources from any location of world over the internet in a pay-as-you-go basis; • offers an innovative business model for organizations to adopt IT without upfront investment (Behl and Behl 2012); • increases efficiency, reduces cost and time-to-market, and provides on-demand access to a shared pool of resources and services, provided with minimum management effort (Hussein et al. 2016); • offers ready-to-consume IT services that can reduce the IT overhead for starting a new business, enhance business agility, and reduce costs (Alkhalil et al. 2016). ...
Article
Full-text available
Collaborative networked organizations (CNOs) have been proposed as a response to the characteristics of highly competitive global business environments. So far, many projects have been funded to establish CNOs, however, most of these efforts have been done with traditional strategies. To move from the traditional methods of creating and operating inter-organizational collaborations towards Cloud-based solutions, we first adapt the Scrum methodology to being usable with specific characteristics of Cloud-oriented collaborations. In the following, we present a reference architecture for a system deployed on a Cloud provider offering the Creation phase of CNOs life cycle as a service. The goal is to show that Cloud is a potentially reliable, scalable, and cost-effective IT solution for exploitation of external knowledge resources, skills, and production facilities in CNO domain, where using traditional solutions were more challenging.
Article
The Virtual Machine Image (VMI) is the building block of cloud infrastructure. It encapsulates the various applications and data deployed at the Cloud Service Provider (CSP) end. With the leading advances of cloud computing comes the added concern of its security. Securing the Cloud infrastructure as a whole rests on the security of the underlying Virtual Machine Images (VMIs). In this paper an attempt has been made to highlight the various risks faced by the CSP and the Cloud Service Consumer (CSC) in the context of VMI-related operations. Later, a formal model of the cloud infrastructure is proposed. Finally, the Ethereum blockchain is incorporated to secure, track and manage all the vital operations on the VMIs. The immutable and decentralized nature of the blockchain not only makes the proposed scheme more reliable but guarantees auditability of the system by maintaining the entire VMI history in the blockchain.
Article
Cloud computing exhibits remarkable potential to provide cost-effective, easy-to-manage, elastic, and powerful resources on the fly, over the Internet. Cloud computing increases the capabilities of the hardware resources through optimal and shared utilization. These features encourage organizations and individual users to shift their applications and services to the cloud. Even critical infrastructure, for example power generation and distribution plants, is being migrated to the cloud computing paradigm. However, the services provided by third-party cloud service providers entail additional security threats. The migration of users' assets (data, applications etc.) outside their administrative control into a shared environment where numerous users are collocated escalates the security concerns. This survey details the security issues that arise due to the very nature of cloud computing. Moreover, the survey presents the recent solutions proposed in the literature to counter these security issues. Furthermore, a brief view of security vulnerabilities in mobile cloud computing is also highlighted. In the end, a discussion of open issues and future research directions is also presented.
Article
Software as a service is frequently offered in a multi-tenant style, where customers of the application and their end-users share resources such as software and hardware among all users, without necessarily sharing data. It is surprising that, with such a popular paradigm, little agreement exists with regard to the definition, domain, and challenges of multi-tenancy. This absence is detrimental to the research community and the industry, as it hampers progress in the domain of multi-tenancy and enables organizations and academics to wield their own definitions to further their commercial or research agendas.
Conference Paper
The convergence of virtualization with Cloud computing has brought many benefits to organizations, including ease of deployment, reduced costs and high availability of resources over the internet. Extensive research has been carried out to increase the security of the Cloud virtualization environment. However, addressing the security concerns of the disk images used by virtual machines is still an open challenge. Compromising the disk images can result in loss of data integrity and confidentiality. This paper proposes a novel security scheme, "Encrypted Virtual Disk Images in Cloud (EVDIC)", for the protection of stored disk images in the Cloud by encryption. EVDIC also covers the security of the key management and key exchange process. We integrate EVDIC with OpenStack, an open source Cloud platform largely used around the world.
Conference Paper
Cloud Computing can be seen as an instance of Computing as a Utility, where customers utilize the concept of "pay-as-you-go" for applications, computing and storage resources. This concept is utilized particularly heavily in Infrastructure as a Service (IaaS) models. In IaaS Clouds, customers can instantly be allocated - and subsequently release - Virtual Machines (VMs). To achieve easy management and better performance, Cloud providers utilize automated resource allocation techniques, which results in some cases of having two or more VMs belonging to different customers residing in the same physical machine. The situation described above is known as Multi-Tenancy and could lead to confidentiality violation. Since Multi-tenancy heavily depends on resource allocation, we propose a resource allocation technique which considers security as a requirement. In most cases resource allocation techniques consider, but are not limited to, either performance or power consumption but not security. So, by making resource allocation techniques consider security by design, we can enhance Multi-tenancy security which will in turn positively impact Cloud Computing Security.
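The abstract above argues that VM placement should treat security as a constraint alongside capacity, so that mutually untrusted tenants do not end up co-resident on one physical machine. The following is an added illustrative example, not the cited paper's algorithm or code: it implements a first-fit allocator whose placement check consults an assumed co-residency policy (a set of tenant pairs that must not share hardware, plus tenants that refuse any co-residency at all). Hosts, tenants, VM sizes and the policy are constructed for the example.

```python
"""
Security-aware first-fit VM placement (added illustrative example).

Assumed policy, not from the cited paper: a VM may be placed on a host
only if (a) the host has spare CPU/memory and (b) no VM already on that
host belongs to a tenant that the new VM's tenant must not share hardware
with, either because the pair was declared mutually untrusted or because
one of the two tenants demanded a dedicated host.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VM:
    name: str
    tenant: str
    cpu: int
    mem_gb: int
    dedicated: bool = False  # tenant refuses co-residency with anyone else


@dataclass
class Host:
    name: str
    cpu: int
    mem_gb: int
    vms: list = field(default_factory=list)

    def fits(self, vm):
        """Capacity check only; this is all a naive allocator would test."""
        used_cpu = sum(v.cpu for v in self.vms)
        used_mem = sum(v.mem_gb for v in self.vms)
        return used_cpu + vm.cpu <= self.cpu and used_mem + vm.mem_gb <= self.mem_gb


def coresidency_allowed(vm, host, untrusted):
    """Security check: reject a host that already carries a VM of a tenant
    `vm` must not share hardware with. `untrusted` is a set of
    frozenset({tenant_a, tenant_b}) pairs."""
    for other in host.vms:
        if other.tenant == vm.tenant:
            continue  # same tenant: no isolation requirement between its own VMs
        if vm.dedicated or other.dedicated:
            return False
        if frozenset((vm.tenant, other.tenant)) in untrusted:
            return False
    return True


def place(vms, hosts, untrusted):
    """First-fit placement honouring both capacity and the co-residency
    policy. Returns {vm_name: host_name}; unplaceable VMs map to None,
    which is the safe failure mode (refuse rather than violate isolation)."""
    assignment = {}
    for vm in vms:
        chosen = None
        for host in hosts:
            if host.fits(vm) and coresidency_allowed(vm, host, untrusted):
                chosen = host
                break
        if chosen is not None:
            chosen.vms.append(vm)
        assignment[vm.name] = chosen.name if chosen is not None else None
    return assignment


def demo():
    """Constructed scenario: two physical machines, three tenants."""
    hosts = [Host("pm1", cpu=8, mem_gb=32), Host("pm2", cpu=8, mem_gb=32)]
    vms = [
        VM("a1", "acme", 4, 16),
        VM("b1", "bank", 4, 16),               # acme and bank are mutually untrusted
        VM("a2", "acme", 2, 8),
        VM("g1", "gov", 2, 8, dedicated=True),  # gov refuses any co-residency
        VM("b2", "bank", 2, 8),
    ]
    untrusted = {frozenset(("acme", "bank"))}
    return place(vms, hosts, untrusted)


if __name__ == "__main__":
    print(demo())
```

With capacity as the only criterion, b1 would have landed on pm1 next to acme's a1; with the policy in place it goes to pm2, and the dedicated gov VM is refused rather than co-located, which is what "security by design" in allocation amounts to in practice.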
Conference Paper
As Cloud Computing becomes the trend of the information technology computational model, Cloud security is becoming a major issue in adopting the Cloud, where security is considered one of the most critical concerns for the large customers of the Cloud (i.e. governments and enterprises). This valid concern is mainly driven by the Multi-Tenancy situation, which refers to resource sharing in Cloud Computing and its associated risks, where confidentiality and/or integrity could be violated. As a result, security concerns may harness the advancement of Cloud Computing in the market. So, in order to propose effective security solutions and strategies, a good knowledge of current Cloud implementations and practices, especially the public Clouds, must be acquired by professionals. Such understanding is needed in order to recognize attack vectors and attack surfaces. In this paper we propose an attack model based on a threat model designed to take advantage of the Multi-Tenancy situation only. Before that, a clear understanding of Multi-Tenancy, its origin and its benefits is demonstrated. Also, a novel way of approaching Multi-Tenancy is illustrated. Finally, we try to sense any suspicious behavior that may indicate a possible attack, attempting to recognize the proposed attack model empirically from Google trace logs. The Google trace logs are 29 days' worth of data released by Google. The data set has been utilized in reliability and power consumption studies, but not in any security study to the extent of our knowledge.
Conference Paper
Many cloud security complexities arise as a result of the open system architecture of the cloud. One of these complexities is the multi-tenancy security issue. This paper discusses and addresses the most common public cloud security complexities, focusing on the multi-tenancy security issue. Multi-tenancy is one of the most important security challenges faced by public cloud service providers. Therefore, this paper presents a secure multi-tenancy architecture using an authorization model based on the AAAS protocol. By utilizing the cloud infrastructure, access control to various cloud information and services can be provided by our suggested authorization system. Each business can offer several cloud services. These cloud services can cooperate with other services, which may belong to the same organization or a different one. Moreover, these cooperation agreements are supported by our suggested system.
Article
Server Consolidation is one of the foremost concerns associated with the effective management of a Cloud Data Center as it has the potential to accomplish significant reduction in the overall cost and energy consumption. Most of the existing works on Server Consolidation have focused only on reducing the number of active physical servers (PMs) using Virtual Machine (VM) Live Migration. But, along with reducing the number of active PMs, if a consolidation approach reduces residual resource fragmentation, the residual resources can be efficiently used for new VM allocations, or VM reallocations, and some future migrations can also be reduced. None of the existing works have explicitly focused on reducing residual resource fragmentation along with reducing the number of active PMs to the best of our knowledge. We propose RFAware Server Consolidation, a heuristics based server consolidation approach which performs residual resource defragmentation along with reducing the number of active PMs in cloud data centers.
Conference Paper
Virtualization has significantly reduced the cost of creating a new virtual machine and cheap storage allows VMs to be turned down when unused. This has led to a rapid proliferation of virtual machine images, both active and dormant, in the data center. System management technologies have not been able to keep pace with this growth and the management cost of keeping all virtual machines images, active as well as dormant, updated is significant. In this work, we present ImageElves, a system to rapidly, reliably and automatically propagate updates (e.g., patches, software installs, compliance checks) in a data center. ImageElves analyses all target images and creates reliable image patches using a very small number of online updates. Traditionally, updates are applied by taking the application offline, applying updates, and then restoring the application, a process that is unreliable and has an unpredictable downtime. With ImageElves, we propose a two phase process. In the first phase, images are analyzed to create an update signature and update manifest. In the second phase, downtime is taken and the manifest is applied offline on virtual images in a parallel, reliable and automated manner. This has two main advantages, (i) spontaneously apply updates to already dormant VMs, and (ii) all updates following this process are guaranteed to work reliably leading to reduced and predictable downtimes. ImageElves uses three key ideas: (i) a novel per-update profiling mechanism to divide VMs into equivalence classes, (ii) a background logging mechanism to convert updates on live instances into patches for dormant images, and (iii) a cross-difference mechanism to filter system-specific or random information (e.g., host name, IP address), while creating equivalence classes. 
We evaluated the ability of ImageElves to speed up a mix of popular system management activities and observed up to 80% smaller update times for active instances and up to 90% reduction in update time for dormant instances.
Conference Paper
Recent years have witnessed the development of Cloud Computing. The management of images is a big problem in virtualized environments because large quantities of Virtual Machine images are stored in a Cloud and most of them are outdated. How can outdated images be detected and patched efficiently? In this paper, we present a prototype called OPS (Offline Patching Scheme) for image management in a secure Cloud environment. In OPS, outdated images are detected quickly by a module called Collector. Then a module called Patcher patches the outdated images. In order to patch an image efficiently, offline patching technology is used. For the large number of images in the Cloud, a parallel scheme is also used. Our experimental results show that OPS can update numerous images efficiently.
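The two abstracts above (ImageElves and OPS) describe the same pipeline from different ends: strip host-specific noise such as hostname and IP address out of an image's inventory so that images needing the same patch fall into one equivalence class, then detect which images are outdated against a reference and build one patch plan per class instead of per image. The following is an added illustrative example, not code from either paper: the normalisation step, the equivalence classing by content signature, and the outdated-package check are assumed designs, and the package names, versions and host-specific field list are constructed for the example.

```python
"""
Equivalence classing of VM image inventories and per-class patch plans
(added illustrative example, not ImageElves or OPS code).

Assumptions: each image is described by a package inventory
{name: version} and a config dict; the fields in HOST_SPECIFIC are the
only per-host noise; a package is outdated when its version is lower than
the reference manifest's version under a simple dotted-version ordering.
"""
import hashlib
import json

# Fields that differ between otherwise identical images and must not
# influence whether two images take the same patch (assumed list).
HOST_SPECIFIC = {"hostname", "ip_address", "machine_id", "ssh_host_key"}


def parse_version(v):
    """Component-wise version key: numeric parts compare as integers
    ('1.10' > '1.9'); non-numeric parts compare as strings ('1k' < '1w')."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in v.split("."))


def normalise(image):
    """Cross-difference step: keep the package inventory and only the
    config keys that are not host-specific, in canonical key order."""
    return {
        "packages": dict(sorted(image["packages"].items())),
        "config": {k: v for k, v in sorted(image["config"].items())
                   if k not in HOST_SPECIFIC},
    }


def signature(image):
    """Stable content hash of the normalised image; equal signatures mean
    the same update manifest applies."""
    canon = json.dumps(normalise(image), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def equivalence_classes(images):
    """Group image names by signature: {signature: [image names]}."""
    classes = {}
    for name, img in images.items():
        classes.setdefault(signature(img), []).append(name)
    return classes


def outdated_packages(image, reference):
    """Packages in `image` whose installed version is older than the
    reference manifest's version: {pkg: (installed, wanted)}."""
    return {
        pkg: (ver, reference[pkg])
        for pkg, ver in image["packages"].items()
        if pkg in reference and parse_version(ver) < parse_version(reference[pkg])
    }


def patch_plan(images, reference):
    """One plan per equivalence class. The outdated check runs once on a
    representative member; every member of the class needs the same upgrades
    because their normalised inventories are identical."""
    plan = {}
    for sig, members in equivalence_classes(images).items():
        upgrades = outdated_packages(images[members[0]], reference)
        plan[sig] = {"members": sorted(members), "upgrades": upgrades}
    return plan


def demo():
    """Constructed inventories: two web images that differ only in
    host-specific fields, and one database image."""
    web_pkgs = {"openssl": "1.1.1k", "bash": "5.0", "nginx": "1.18.0"}
    images = {
        "web-01": {"packages": dict(web_pkgs),
                   "config": {"hostname": "web-01", "ip_address": "10.0.0.11", "role": "web"}},
        "web-02": {"packages": dict(web_pkgs),
                   "config": {"hostname": "web-02", "ip_address": "10.0.0.12", "role": "web"}},
        "db-01": {"packages": {"openssl": "1.1.1k", "bash": "5.1", "postgresql": "12.4"},
                  "config": {"hostname": "db-01", "ip_address": "10.0.0.21", "role": "db"}},
    }
    reference = {"openssl": "1.1.1w", "bash": "5.1", "nginx": "1.18.0", "postgresql": "12.4"}
    return patch_plan(images, reference)


if __name__ == "__main__":
    for sig, entry in demo().items():
        print(sig[:12], entry["members"], entry["upgrades"])
```

Without the normalisation step the two web images would hash to different signatures because of their hostnames and addresses, and the outdated check would run once per image rather than once per class; with it, the dormant copy web-02 receives the same manifest that was profiled on web-01.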