Final Year Project 2013
Pavlos Stefanis
NEW YORK COLLEGE
CLOUD COMPUTING SECURITY
A Thesis Presented to the Faculty of New York College, Athens
In Partial Fulfillment of the Requirements for the Degree of
Bachelor of Engineering in Computer Networking
By Pavlos Stefanis
With supervisors Dr G. Siogkas and Dr J. Pantidas
Total Word Count: 14820
CONTENTS
INTRODUCTION AND LITERATURE REVIEW
1.1 Introduction
Abstract
1.1.1 Definition of the cloud
1.1.2 Process
1.1.3 Implementation – Cloud Architecture
1.2 Domain Background
1.2.1 History and literature review
1.2.2 Existing Security Threats
1.2.3 Existing Security Solutions
1.2.4 Security Models – A Proactive methodology
1.2.5 Evaluation
ANALYSIS
2.1 System Requirements
2.2 Management EXAMPLE Use Cases
2.3 Cloud Management
2.3.1 Management Roles
2.3.2 Architecture and functions
2.3.3 Utilization
DESIGN AND IMPLEMENTATION
3.1 Tonido Cloud Vendor – Use case
3.1.1 Installation
3.1.2 Features
3.1.3 Implementing Security
3.2 ownCloud Vendor - Use Case
3.2.1 Installation
3.2.2 Implementing Security
TESTING
4.1 Tonido Security Testing
CONCLUSION
Personal reflection
APPENDIX
REFERENCE LIST
SPECIAL REFERENCE LIST OF LITERATURE REVIEW
BIBLIOGRAPHY
FIGURE LIST
Figure 1 - "Illustrating the Cloud Computing Service Models" [18]
Figure 2 "Representing the Cloud Delivery Models" – [4]
Figure 3 "Cloud Platform Architecture (CPA)"
Figure 4 "Elasticity – Showing how resources transfer from overbooked storage to free ones"
Figure 5 "Proposed Solution"
Figure 6 "Architecture based on proactive methodology" – [6]
Figure 7 "Architecture and security functions"
Figure 8 "Netbook"
Figure 9 "PC as Cloud Server"
Figure 10 "Access Point"
Figure 11 "Image shows the official webpage that the cloud server can be downloaded, Desktop is chosen" "http://www.tonido.com/tonidodesktop_downloads/ - 05-05-2013"
Figure 12 "Installation Part 1", Figure 13 "Installation Part 2"
Figure 14 "Installation Part 3", Figure 15 "Installation Part 4"
Figure 16 "Account Creation"
Figure 17 "Tonido Homepage"
Figure 18 "Welcome Tab"
Figure 19 "Summary Information"
Figure 20 "File Download"
Figure 21 "Application list"
Figure 22 "Guest"
Figure 23 "Guest #2"
Figure 24 "Guest #3"
Figure 25 "Configuring shared folders"
Figure 26 "Privileges"
Figure 27 "Guest Log in"
Figure 28 "Guest homepage"
Figure 29 "Allowed folders setup"
Figure 30 "Browsing for the allowed folder"
Figure 31 "Activity log"
Figure 32 "Backup Records"
Figure 33 "History logs"
Figure 34 "Information log and download tab"
Figure 35 "Variety of troubleshooting logs"
Figure 36 "Relay settings enabled"
Figure 37 "Remote login configuration"
Figure 38 "Remote login configuration #2"
Figure 39 "SSL enabled"
Figure 40 "Enable WAN2LAN Re-direct"
Figure 41 "IP Filter"
Figure 42 "WAMPSERVER"
Figure 43 "files on the .rar folder of the ownCloud setup downloaded"
Figure 44 "Configuring phpMyAdmin"
Figure 45 "Admin creation and Database connection"
Figure 46 "Login page"
Figure 47 "Account management"
Figure 48 "Security settings"
Figure 49 "Allowed folder"
Figure 50 "Activity log"
Figure 51 "History Log"
Figure 52 "Showing remote question and answer"
Figure 53 "HTTPS enables successfully"
INTRODUCTION AND LITERATURE REVIEW
1.1 INTRODUCTION
ABSTRACT
Cloud computing is a recently developed technology used for both personal and business purposes.
Cloud security has been vulnerable to threats, and many cases have resulted in data loss, hacking,
denial of service and so on, but new security models and security tools are being improved. The
purpose of this research is to define "cloud computing", its functionality and implementation; to
define the function of cloud security and refer to its existence; to review the literature on previous
attempts and improvements; to research open-source security tools; and to implement a cloud server and
demonstrate security protection on cloud servers. Sequence diagrams and use cases will be included to
explain the functionality and its interaction with the system, and for business environments a chapter
will be included on the management of the physical teams.
1.1.1 DEFINITION OF THE CLOUD
As the world of technology and informatics grows and new ambitions arise, the more recent the topics
students choose, the more knowledge they consolidate for their future development. "Cloud computing" is
a modern term, often used for something "new". It is also said to be destined only for a group of
experts. The idea of the cloud and its functionality has existed ever since the internet came into use.
Researchers and network engineers gave this technology the name "cloud" by analogy with the functions
that physical clouds have. Since its implementation, cloud technology and networking has been used for
personal, academic and business purposes; even famous consortiums take advantage of it or sell its
services. What is the cloud? Why did it appear? What is its function in the real world? This
introductory chapter answers these questions and clears up the mist in order to explain the cloud in
plain terms. [3]
To begin with, the cloud came about because firms faced problems managing excessive amounts of stored
data: either the required capacity was limited by the infrastructure of the business, or capacity was
too large, which led to wasted capital. Apart from major cost factors such as the initial capital,
capital costs and the service-fix cost, the sophisticated effort needed for patching, managing and
upgrading the internal infrastructure is a huge obstacle to a firm's development and mobility. For many
firms whose client and cultural competency is not strong enough to manage large data center
environments and infrastructure, it would be wise to upload their files or data backups to another
machine via the internet, in order to concentrate more on the organization's primary objectives. Cloud
computing is the technology, or better the ability, to upload and maintain data, to share or trade
software and hardware resources, and to use storage via the internet. The superuser of the cloud server
is the cloud operator, who has access everywhere. [3]
In a long and lasting official definition: “Cloud computing is a model for enabling ubiquitous, convenient,
on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers,
storage, applications and services) that can be rapidly provisioned and released with minimal management
effort or service provider interaction.” [The National Institute of Standards and Technology, 16th
definition of cloud computing].
From a business perspective, the idea of the cloud environment is evolving as many firms switch to this
kind of infrastructure. It is a cost-effective solution and a tremendous step towards new lines of
business. A good example is Apple's Siri, which is a "cloud-based natural language intelligent
assistant". Many start-up organizations began with the cloud, for example applications (Pinterest) that
hold all of their data on cloud servers like Amazon's Cloud Platform (Amazon Web Services). [3]
Cloud computing security is defined as the processes, interactions and policies designed to provide
security assurance and information protection for a cloud-based environment. It uses both logical and
physical means across the whole sharing system of the cloud: software (SaaS), platform (PaaS) and
infrastructure (IaaS). In a cloud security policy, the cloud provider sets the constraints on the end
user, who is limited to the permissions granted (Acceptable User Policy). A cloud security policy is a
mandatory procedure for every corporation and business, as the level of cloud security determines
whether an organization will choose to trust this network topology or turn to another model. Poor
hierarchy and security gaps at organizations that were using cloud servers are published in articles
and newspapers, which leads other organizations not to participate and to fear changing the way their
networks connect. There are non-profit organizations of corporate experts (Cloud Security Alliance –
CSA) that research and produce frameworks and guidelines for securing, implementing and enforcing
solutions in cloud operating systems. [3]
1.1.2 PROCESS
This chapter describes the process of security policy and explains what the delivery and security
models (types of clouds) are.
Types of clouds
To provide a safe and secure solution plan for a cloud environment, a final decision has to be made on
which type of cloud to choose. According to the latest information available, only three types of cloud
deployment model have been developed: private, public and hybrid. These are discussed further
below. [4]
The cloud computing security model has three security and delivery models. These are the following:
1. Private cloud:
A cloud platform dedicated to home users or special organizations
2. Public cloud:
Designated for public clients, who can register for a low price or even for free and take
advantage of the infrastructure (storage of data, software, etc.)
3. Hybrid cloud:
A private cloud that can expand to manage resources of public clouds
Cloud computing service models or "offerings" can be divided into three, and they support the above
[1,2] models:
1. IaaS - Infrastructure as a Service
Delivers computation and network resources; also includes servers, virtual machines, storage, load
balancers and other core infrastructure stack
2. PaaS - Platform as a Service
Provides platform, business and service tools, adds development and programming applications
to IaaS, includes databases, web servers, execution frameworks/runtimes and development tools
3. SaaS - Software as a Service
Provides applications from the infrastructure of the cloud and implements them on an end-user
machine (Salesforce CRM, Gmail/Google Apps, Microsoft Live, etc.) [4]
Public Cloud
A public cloud is a model that gives users access via web browser interfaces. To gain access, users pay
through a metered payment system, like a water supply metering system with prepaid accounts. This not
only gives profit to the cloud providers but also gives them the ability to optimize. Cloud clients
then debit their IT charge at a logical level, lowering the capital loss on IT system infrastructure.
From a security perspective, public clouds are less secure than the other models because they focus
more on keeping all the applications online than on protecting the uploaded data from possible attacks.
Privacy and trust therefore fade with public clouds, and their clients are keen to negotiate with
private cloud servers for better security results. Possible solutions for this matter would be 1) for
both cloud provider and client to agree on sharing data responsibility by supporting daily checks and
validations through their own systems, and 2) for each of them to have responsible roles for dealing
with security within their permission boundaries. [4] [8]
Private Cloud
A private cloud is implemented in a corporation's internal data center infrastructure. It makes it
easier to set up security and to adjust requirements and elasticity, and it provides more supervision
over its application and use. A private cloud offers virtual applications and infrastructure resources
with the permission of the cloud vendor, who is responsible for making them available for sharing and
use. It differs from a public cloud server in that all private cloud applications and resources are
controlled by the corporation itself, like an intranet. A private cloud server is more secure than a
public one because it removes exposure to external parties and restricts internal access to privileged
users. [9]
Hybrid Cloud
A hybrid cloud is a private cloud that is connected to one or more external services. It is basically
managed on the central system infrastructure, provided as a single service, and held in a secure
network environment. It provides its clients with virtual IT resources, like public and private clouds.
Hybrid cloud vendors offer more secure data management and let several parties access the internet
with high supervision and protection. It is an open architecture that allows interfaces with other
'friendly' systems. In other words, hybrid clouds are private cloud vendors that are keen to expand and
be more flexible, like a mix of both public and private. [10] [11]
To summarize, in deciding which of the three types of cloud to deploy, business administrators need to
take into consideration the security aspects of the corporation's architectural structure; further
information on the security differences between those cloud models is essential. [4]
Figure 1 - "Illustrating the Cloud Computing Service Models” [18]
Cloud Computing Delivery Models
The next consideration for business managers and administrators relates to the three cloud delivery
models. “Due to the pay-per-use economy model that pertains to Cloud delivery models, the
degree of information security is directed towards adhering to industry standards and legislations among
cloud shareholders” [Ramgovind et al. 2010]. [4]
Infrastructure as a Service (IaaS)
This is a "layer" of the cloud computing system that allows dedicated resources of the cloud
server/vendor to be used and shared by its clients for a price. This means that the initial capital
cost of computer hardware, servers, processors and networking devices is automatically reduced. It also
gives clients different ways of meeting their financial and functional requirements that other data
centers cannot offer, because in a cloud system there is much more flexibility and cost effectiveness
in adding or removing hardware resources. However, managers and administrators have to pay attention to
abrupt, unplanned increases in operational expense. [12]
Software as a Service (SaaS)
This is a virtualized layer of the cloud computing system that lets clients who pay for their
membership use software applications from their vendor. Access is through a login system via a web
browser. The software's limits and core functionality are managed according to the billing
arrangements of each client. SaaS providers can host their software in their own data centers, or they
can use the previous model and share it through an external IaaS vendor. The availability of IaaS
services is the main factor for the SaaS model. Web browser and internet security is mandatory because
SaaS applications are accessed through it. “Web Services (WS) security, Extendable Markup Language (XML)
encryption, Secure Socket Layer (SSL) and available options which are used in enforcing data protection
transmitted over the Internet” [Ramgovind et al. 2010]. [13]
Platform as a Service (PaaS)
This layer is similar in functionality to IaaS but provides an additional pay-per-use function. The use
of virtual machines in this model is a drawback because they have to be protected against hacking
activities, attacks and malware. Therefore, maintaining the applications, as well as enforcing security
through data forensics and authentication checks during transactions, is necessary and costly. [10]
Figure 2 "Representing the Cloud Delivery Models" – [4]
1.1.3 IMPLEMENTATION – CLOUD ARCHITECTURE
In a cloud-based environment in which SaaS, PaaS and IaaS are provided, large pools of resources on
virtual machines can give greater efficiency and flexibility. Every physical host's resources are
virtualized as Virtual Machines (VMs) that run multiple operating tasks and processes. “Cloud platform
provides pools of virtualized resources (computing, memory, saving storage, bandwidth) spanning
multiple hosts and storage frames” [H. Tianfield, 2011]. Tenants share the physical infrastructure of
the cloud (multi-tenancy). [7]
Techniques such as storage frames and workload balancing can be used to achieve high resource
utilization. Workload balancing is accomplished through virtual machine live migration, an application
that moves virtual applications between physical machines in a complete and transparent way (not
observed by the users). Storage, computing and network resources are the basic virtualized resources
offered by a cloud vendor. [7]
Figure 3 "Cloud Platform Architecture (CPA)"
Virtualization Technologies
Virtualization technologies have advanced tremendously in recent years, as network engineers increase
virtual resource utilization in order to reduce IT service costs. What all virtual machines have in
common is the infrastructure beneath them, which sits between the physical and the process
infrastructure. The whole nature of the cloud system is to convert dynamic physical technologies into
virtual ones and share them, so virtualization technologies are essential. [14]
Virtualization technology enables the application payload to be separated from the physical
infrastructure. This means that physical resources can be divided into logical or virtual ones
according to the cloud provider's needs. This is called provisioning. Every physical machine on top of
the virtualization should be able to monitor dynamically the logical bottom resources of the cloud. In
a true cloud operating server, every external machine using it can adjust the virtualized resources
according to its needs, always in real time. [15] [16]
Virtualization also happens at the server, where it is known as system virtualization. It is the
ability to execute many operating systems simultaneously on the same server. The virtualized server is
monitored by the 'hypervisor' or VM monitor, which is a program that runs and simulates one or more
operating systems.
“Other forms of virtualization include storage and network virtualization, namely logical representations
of the physical storage and network resources” [B. Rochwerger]. [17]
Further support comes from the flexibility of the cloud system: thanks to virtualization, the hardware
can be adjusted as many times as the server administrator wants without loss of money or time. Virtual
appliances, meaning VMs with software included for a partial or specific task (Web, Database), support
the rapid creation of programs. This combination is one of the key features of cloud computing. [18]
Scaling and Elasticity
Approaches to scaling infrastructure can be physical investment or run-time horizontal scaling. The
scale-up approach, physical investment, relies heavily on investing in more powerful and more recent
machines (vertical scaling). The component-based scale-out approach builds a scalable architecture that
invests horizontally in infrastructure growth. Most businesses and web software exchange their
components, connecting their datasets, and so create a service pattern. To get good results
(increments) from this approach, businesses should first predict demand at regular intervals and then
deploy the increments to the infrastructure. [18]
Within the cloud, separating the components, creating asynchronous systems and scaling them
horizontally is essential, as it makes it possible to scale out by increasing the number of instances
of the same component, and also to build hybrid models where some components execute on on-premise
resources and others use the marketplace and services for extra power and bandwidth. In this way the
system workload can "overflow" by using load balancing methods. [18] [19]
In horizontal scaling, applications should concentrate on the availability of the whole application
layer rather than on recovering from failures of individual components. In a cloud platform (built on a
virtual pool of servers), when a physical server 'drops down' the virtual machine does not fail but
resumes its function on the next available physical server. Applying horizontal scaling to 'loosely
combined' application components leads to a strategy that does not depend on the reliability of any
single component. [19]
Scaling tactics do not have to be limited to a single cloud environment. "Surge computing" can be used
to accommodate temporary workload increases, depending on the location and the size of the data. In
surge computing, applications running in a private cloud can request resources from an external cloud
server; for example, public clouds supply resources for the excess overflow workload. “Horizontal
scaling basically calls for Service-Oriented Architectures (SOAs)” [H.Tianfield - 2011]. The outcome of
horizontal scaling is that the more loose components the system has, the better it scales. [19]
“Elasticity is the power to scale computing resources up and down easily and with minimal friction.
Elasticity should be one of the architectural design requirements or a system property” [J. Varia, 2010].
[19]
Automated elasticity drives the cloud infrastructure to expand and to increase utilization
cost-effectively. Elasticity enables applications on the cloud to grow without additional expensive
upgrades. [18]
This aspect of elasticity in the cloud can be delivered by auto-scaling on demand. Auto-scaling is
defined as scaling applications up and down until capacity matches the unexpected demand, without human
intervention. Monitoring tools can provide safe scaling based on metric results. Visibility into
resource utilization and process performance can be gained through data analysis tools. Auto-scaling
automatically scales cloud capacity based on the data analysis results, e.g. security events, history,
etc. [19]
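The auto-scaling loop described above, as an added example (not code from the thesis or from any cloud vendor): a threshold scaler replayed over constructed utilization samples, with a dead band, a scale-in cooldown and a hard instance ceiling. The 60% target, the limits and the names `ScalerConfig`, `wanted_instances` and `simulate` are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ScalerConfig:
    # All values are illustrative assumptions, not taken from the thesis.
    target_pct: int = 60        # desired average utilization per instance, percent
    band_pct: int = 10          # dead band (percentage points) that suppresses flapping
    min_instances: int = 2      # floor keeps redundancy when load is low
    max_instances: int = 10     # ceiling bounds cost when demand is abnormal
    scale_in_cooldown: int = 3  # ticks to wait after any change before shrinking


def wanted_instances(load_pct: int, current: int, cfg: ScalerConfig) -> int:
    """Unclamped pool size that brings average utilization back to the target.

    load_pct is total demand expressed in percent of ONE instance's capacity,
    so integer arithmetic avoids floating-point rounding in the ceiling.
    """
    if abs(load_pct - cfg.target_pct * current) <= cfg.band_pct * current:
        return current                      # inside the dead band: no change
    return -(-load_pct // cfg.target_pct)   # integer ceiling division


def simulate(loads, cfg=ScalerConfig(), start=2):
    """Replay metric samples; return (tick, instances, util_pct, action) per sample."""
    instances = start
    last_change = -cfg.scale_in_cooldown    # allow a scale-in on the first tick
    history = []
    for tick, load in enumerate(loads):
        util = load // instances            # utilization observed before acting
        raw = wanted_instances(load, instances, cfg)
        wanted = max(cfg.min_instances, min(cfg.max_instances, raw))
        if wanted > instances:
            # Scale out immediately: under-capacity hurts availability.
            instances, last_change, action = wanted, tick, "scale-out"
        elif wanted < instances:
            # Scale in only after the cooldown, so a short dip does not
            # release capacity that is needed again a moment later.
            if tick - last_change >= cfg.scale_in_cooldown:
                instances, last_change, action = wanted, tick, "scale-in"
            else:
                action = "cooldown"
        elif raw > cfg.max_instances:
            action = "capped"               # demand exceeds what the pool may grow to
        else:
            action = "hold"
        history.append((tick, instances, util, action))
    return history


# Constructed samples: steady load, a surge past the ceiling, then a decline.
SAMPLE_LOADS = [100, 120, 300, 600, 900, 300, 300, 300, 100, 100, 100, 100]

if __name__ == "__main__":
    for row in simulate(SAMPLE_LOADS):
        print("tick=%2d instances=%2d util=%3d%% action=%s" % row)
```

The `capped` action marks samples where demand exceeded the ceiling; that is the metric result to alert on, because the pool can no longer absorb the load by scaling.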
Figure 4 "Elasticity – Showing how resources transfer from overbooked storage to free ones"
1.2 DOMAIN BACKGROUND
Cloud computing has been presented so far as a cost-effective, productive and multitasking solution.
The advantages have been described so that the reader understands the elasticity with which a cloud
system fulfills its tasks. The rapid growth of such technologies and systems is paralleled by the
growth of security threats. Open (via internet) systems like the cloud have endless vulnerabilities
because they are new and public. As a result, competition between cloud vendors has increased, and
clients aim to find which of them is the most secure and safe. Hosts tend to use cloud services to
secure and utilize data, which increases competition in the market and sharpens the security
perspective of cloud managers. This chapter covers some of the major existing security threats, with a
deep analysis of the high importance cloud vendors should place on defending against them; solutions to
security threats on cloud systems created by researchers and testers, as well as security models; and
a history and literature review showing the latest solutions created and evaluated. [5]
1.2.1 HISTORY AND LITERATURE REVIEW
1. Rongxing et al is the first of the papers reviewed. The team proposed a new security
and provenance data forensics tool for cloud systems. With the aid of the tool, secret documents
in the tree of the user’s file system keep their privacy and security.
The tool also applies an authentication mechanism to check for unrecognized user access,
which comes from the process of resolving disputes over data. The provenance
aspect relies on the ‘bilinear pairing method’, on which the data forensics blocks are built within the
environment. Using security techniques across multiple tests, they proved the
functionality of their model. Their work succeeded in that they introduced a functioning
system, but they could not implement it because of the complexity of the mathematical models. [1*]
2. La ‘Quata Sumter et al. state that the growth of cloud computing adoption causes
internet security to be doubted and threats to increase constantly. Clients of cloud vendors and services
are seriously discouraged by the weakness of cloud security in protecting data and making it available
when needed. Users doubt the access mechanism on cloud servers as well as its security. To
assure and encourage cloud clients about information security, they proposed a model that
keeps track of every move and process taking place on the stored information. To
complete this, they required a security capture device that supports their model and makes it
work completely. The advantage is that they dealt with customer encouragement
about security concerns, but due to the limitations of their model it is practical only for small
cloud environments and not recommended for larger ones. [2*]
3. Mladen says that cloud computing emerged as a system after many years of practice in networking
and computer technology. The paper focuses on concerns about ‘cloud computing with
virtualization, cyber infrastructure, service oriented architecture and end users’. Key concerns
were taken into consideration, and the implementation and research make the work
important. Users’ dissatisfaction pushed them to write theoretical papers based on security
concepts and authentication issues. [3*]
4. Wenchao et al. proposed in this research another perspective on solutions, through a data-centric approach.
They investigated the security requirements of securing data and sharing it through
online applications. Discussion of forensics, system analysis and data management is
included. They proposed a new security platform known by the short name DS2, which stands
for Declarative Secure Distributed Systems. This platform supports the functions of the proposed
data securing methods. Network protocols and security policies are managed by the ‘Secure
Network Datalog (SeNDlog)’, a rooted language that processes networking and logic-based access
control tasks. With the aid of the RapidNet declarative networking engine they
developed a DS2 prototype, and they added provenance support in the belief that it will
make the security level more stable. “The strength in their work lies on the data centric security
that results to secure query processing, system analysis and forensics, efficient end to end
verification of data”. Their work should be evaluated by professional cloud vendors. [4*]
5. Given the benefits of cloud computing services, namely safety, security and privacy, Soren et
al explained the extent of the influence the cloud has. Complex but well-managed cloud web
interfaces give better results than wrongly configured ones, because the latter can make
the whole system vulnerable to threats. The platform of their implementation was “Amazon’s
Elastic Compute Cloud (EC2)”. They implemented a security analysis tool and simulated it against real
factors. A complex high-level query language was proposed and used to describe the
requirements of the configuration. Python and EC2 were the main software used for their
implementation. The tool identifies breaches in the secure sections of the infrastructure and
then informs the administrators to check the problem; in other words, it works like an antivirus
program. The advantage of their work is that they investigated every possible security attack
with the proposed tool, but it has the huge disadvantage that the software is tied to the
EC2 infrastructure and does not work on general systems. [5*]
6. Flavi and Roberto proposed a novel architecture and Transparent Cloud Protection System
(TCPS) for better security management. They claim to have achieved integrity in
cloud privacy issues. To identify such issues, they built a more feasible and more secure architecture,
which they named TCPS. The system can keep track of every host transfer while
keeping the transparency and virtualization of the server. The result of their work is
an intrusion detection mechanism built into the architecture, but they did not manage to
deploy realistic scenarios to test their work, so they could not validate it. [6*]
7. Wayne stated that configuring security on critical systems is essential. Facing security issues
from the end user’s perspective is mandatory. Security policies with strong commands should keep
data checked for dangerous actions and prevent unauthorized access to both clouds and data
servers. The paper focuses on public clouds. Key factors are “end user trust, insider access,
visibility, risk management, client-side protection, server-side protection, and access control and
identity management” [Sabahi, 2011]. The weakness of the work is that it did not result in
a tool or a solution on real infrastructure. [7*]
8. Jingpeng et al proposed a paper on the cloud’s image repository. Their design addresses
the risks and can be easily implemented and proven successful. Filters in the system infrastructure
capture malware, and all passwords that are easy to crack are removed and replaced by
stronger ones. Clients can choose the images they require. Repository maintenance decreases the
possibility of running illegal software. The tests in this paper show that the filters work
efficiently in the image management system. They proposed a system “different” from other
cloud architectures and showed, with the aid of filters and scanners, that they could detect malicious
traffic. The weakness is that the filters’ captures are not 100% accurate and could lead to legitimate
issues, and the scanner cannot capture every type of virus and has to be updated constantly.
[8*]
9. Miranda and Siani address the data seepage problems that users complain about. This issue is a
serious obstacle to the acceptance of cloud implementation and to its growth in the market.
Some scenarios have been taken into consideration. A client-based privacy manager tool for
processing sensitive information placed in the cloud is proposed. The tool reduces security
issues while simultaneously increasing privacy safety. The tool has been tested successfully and used
in many environments.
The privacy manager tool ensures the security of services within the client machine. It has a feature
that reduces the critical data transferred for further actions. Once data is targeted, the output is
de-obfuscated. The key this tool uses is kept so secret that even the cloud providers have no right to
know it. The privacy manager enables end users to contribute to changes to their personal data,
and also to rectify them.
The strength of the proposed tool is that it provides access control, user customization and a feedback
facility, but it cannot be implemented in all scenarios. [9*]
10. Dan and Anna proposed a data protection framework for sensitive information. The
framework contains three key parts: policy ranking, integration and enforcement. Various
models have been described for each part. They presented security data models as well as cost
functions. Their work has been tested and simulated but not validated in real environments. [10*]
1.2.2 EXISTING SECURITY THREATS
Within a cloud environment, security policy covers issues like “privacy, security, anonymity,
telecommunications capacity, government surveillance, reliability and liability” [Sabahi, 2011]. Each
type of client a cloud server deals with is different. Academic clients require
performance more than security protection, whereas business clients want their data to be
protected more than they want a high-performance system. Gartner’s seven security concerns are
described below. [2]
• Privileged user access: Fragile data can be analyzed by outsiders, giving them the ability to
bypass the ‘physical – logical’ layer of the cloud and gain access to data and software.
• Regulatory compliance: Clients are responsible for the good management and security of their
data, even in a cloud environment. Most cases show that a percentage of data loss or privacy
intrusion is caused by human factors on the client side.
• Data location: Clients do not know the exact location of the data they uploaded, and
distributed data storage, by its nature, can lead to loss of control. Customers should
know where their data is stored before moving to the cloud.
• Data segregation: Encryption and decryption of data in the cloud is essential, but it cannot be the
only solution as it is vulnerable to attacks.
• Recovery: In case of server failure or denial of service, how will clients’ data be
restored? Does the cloud vendor have a backup plan for reverse engineering and protecting data?
Are cloud managers capable of restoring data, or do they have to be supported by an outside
third-party company? These actions are not in the clients’ favor.
• Investigative support: Cloud services are hard to investigate because many customers’ data is placed
in the same location, and infected files can also spread to other sets of software.
• Long-term viability: Cloud providers have to assure their clients that even in case of a merger
into a bigger cloud company there will still be integrity and availability of their data. [2]
So, as clients tend to trust third-party hardware servers, live or virtual, and transfer data to them online,
cloud vendors have to provide IT security solutions and policies to protect clients’ data. This trend and
new responsibility model will give another meaning to cloud management as more challenges
occur and more solutions are found. The first question one can ask an administrator of an IT
business environment is whether he and his team are able either to prevent a security threat from
intruding into the infrastructure or to deal with a security breach. The answer is two-sided, as the first
responsible for any security breach are the customers themselves and then the cloud security itself. [2]
A. Data Leakage
To begin with, moving to a cloud environment brings two obvious changes for a client’s data. First,
data is uploaded from the customer’s machine to a different target area. Secondly, the transfer moves it
from a single-tenant to a multi-tenant area. This creates the possibility of data leakage, which is a major cloud
security threat. [21]
Data Leakage Prevention (DLP) was invented for the protection of sensitive data.
DLP, however, cannot protect data on public clouds and is useless there due to the nature of their architecture, so
DLP tools are not the most effective solution in this case. In public clouds, clients have the authority
to control the whole infrastructure so DLP agents cannot act automatically with unwanted results. [22]
B. Cloud security issues
The Internet is the communication model on which cloud environments exist. It uses the TCP/IP protocol, which
assigns unique IP addresses to users and identifies them over the Internet. Virtual machines use IP
addresses in the same way. A malicious user, internal or external, can search for IP addresses.
When they find the target’s physical server they implant a malicious virtual machine to attack. If a hacker
gets access to a VM he can get the data of all users; this is possible by copying the data to a hard drive of
his own and analyzing it in a safe place before cloud providers are alerted. [23]
1) Attacks in cloud
Nowadays, several attacks in the IT world have been reported. Clouds give access to legitimate users who
register, but can also host clients with criminal purposes. A hacker can use cloud servers to
store his malicious programs, and those programs can cause Distributed Denial of Service (DDoS) on the
cloud system. If the victim shares the same cloud with the hacker, it is easier for the hacker to
set up the attack. As mentioned above, this applies to virtual machines too. [24]
a) DDoS attacks against Cloud
DDoS attacks usually take the form of a high volume of IP packet traffic on specific entries.
Blacklist pattern programs quickly go out of service due to overrun. In cloud systems, where
a large number of clients use the service, denial of service has a bigger impact than on single
infrastructures. DDoS attacks favor clouds that are low on resources. The solution is to increase the number of
critical resources. Botnet attacks are the most serious problem a cloud could face. [24]
Most of the anti-attack software on the market can neither protect a system from a DDoS
attack nor stop the traffic, because it cannot distinguish good traffic from bad. Intrusion Prevention Systems
(IPS) [http://cloudsecurity.trendmicro.com] are effective when the attack is located and recognized.
Unfortunately, firewalls are not very effective against DDoS attacks, since firewalls pass legitimate traffic
and are vulnerable to spoofing software. [23]
b) Cloud against DDoS Attacks
DDoS attacks are powerful threats. They are launched from a botnet with the support of many zombie
machines. A DDoS begins when a huge number of packets are sent to the web server from
many sources. Cloud servers can tolerate those attacks more effectively, as they have plenty of resources
online to defend with and so protect a site from being shut down. [24]
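The two DDoS paragraphs above explain why per-source blacklists are overrun by a botnet. The following added example (not part of the thesis or of any cited tool) runs a per-source and a per-target sliding-window check over constructed packet records; the thresholds, addresses and record format are assumptions.

```python
from collections import defaultdict, deque

# All thresholds are assumptions chosen for the constructed sample below.
WINDOW_S = 10           # sliding window length, seconds
PER_SOURCE_LIMIT = 50   # packets per window allowed from one source
PER_TARGET_LIMIT = 200  # packets per window allowed towards one target
MIN_SOURCES = 20        # distinct senders that make a flood "distributed"


def constructed_flows():
    """Constructed sample of (timestamp_s, src_ip, dst_ip) packet records."""
    flows = []
    # Normal load: 5 clients, 1 packet/s each, to the web server for 30 s.
    for t in range(30):
        for i in range(1, 6):
            flows.append((t, f"198.51.100.{i}", "203.0.113.10"))
    # One noisy host: 100 packets inside one second to another server.
    for k in range(100):
        flows.append((5 + k * 0.01, "198.51.100.200", "203.0.113.20"))
    # Botnet: 60 zombies, only 1 packet/s each, all aimed at the web server.
    for t in range(15, 25):
        for i in range(1, 61):
            flows.append((t, f"192.0.2.{i}", "203.0.113.10"))
    return flows


def detect(flows):
    """Return (noisy_sources, flooded_targets).

    noisy_sources   -- sources over PER_SOURCE_LIMIT (what a blacklist sees)
    flooded_targets -- target -> peak number of distinct senders while the
                       aggregate rate was over PER_TARGET_LIMIT and came
                       from at least MIN_SOURCES hosts
    """
    per_src = defaultdict(deque)   # src -> timestamps inside the window
    per_dst = defaultdict(deque)   # dst -> (timestamp, src) inside the window
    noisy_sources = set()
    flooded_targets = {}

    for ts, src, dst in sorted(flows):
        horizon = ts - WINDOW_S

        # Per-source view: the record just appended is never evicted,
        # so the deque cannot become empty inside the loop.
        sq = per_src[src]
        sq.append(ts)
        while sq[0] <= horizon:
            sq.popleft()
        if len(sq) > PER_SOURCE_LIMIT:
            noisy_sources.add(src)

        # Per-target view: aggregate rate plus number of distinct senders.
        dq = per_dst[dst]
        dq.append((ts, src))
        while dq[0][0] <= horizon:
            dq.popleft()
        if len(dq) > PER_TARGET_LIMIT:
            senders = {s for _, s in dq}
            if len(senders) >= MIN_SOURCES:
                peak = max(flooded_targets.get(dst, 0), len(senders))
                flooded_targets[dst] = peak

    return noisy_sources, flooded_targets


if __name__ == "__main__":
    noisy, flooded = detect(constructed_flows())
    print("per-source limit exceeded by:", sorted(noisy))
    for target, senders in flooded.items():
        print(f"distributed flood towards {target}: {senders} distinct senders")
```

No zombie exceeds the per-source limit, so only the per-target view reports the flood on the web server.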
1.2.3 EXISTING SECURITY SOLUTIONS
Several solutions that exist in the internet environment can also run effectively on cloud infrastructures,
but more cloud-specific attacks need more specialized solutions. Internet solutions can be applied
to cloud systems or even improved.
Figure 5 "Proposed Solution"
A. Access Control
Access control mechanisms are tools that enable authorized user access and help prevent
unauthorized access to the infrastructure. These mechanisms should analyze the user’s lifecycle from the time
they sign up until their de-registration, to be sure they no longer have access. Special analysis
should be applied to users who enter privileged mode and can modify system policies. The following steps
should be considered to ensure security:
1. Control access to information.
2. Manage user access rights.
3. Encourage good access practices.
4. Control access to network services.
5. Control access to operating systems.
6. Control access to applications and systems.
In the SaaS model the cloud provider is responsible for managing the whole infrastructure.
The application is delivered as a service to clients via a web browser, so other network controls lose their
power and are ignored in favor of the user access controls. Clients should focus on their user access commands.
[25] [20]
In the PaaS model, the cloud provider focuses on managing access control to the servers, network and
application infrastructure.
IaaS clients are responsible for every management aspect that exists in this architecture. Access to virtual
machines, storage, servers and network should be designed to be managed by the clients.
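The lifecycle and privileged-mode checks described in this section can be expressed as three audits over account, grant and access records. This is an added example, not taken from the thesis; the record layout, role names and sample data are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass(frozen=True)
class Account:
    user: str
    registered: datetime
    deregistered: Optional[datetime]   # None while the account is active


@dataclass(frozen=True)
class Grant:
    user: str
    resource: str
    role: str                          # "user" or "admin" (assumed roles)
    granted: datetime
    revoked: Optional[datetime]        # None while the grant is active


@dataclass(frozen=True)
class Event:
    when: datetime
    user: str
    resource: str
    action: str                        # "read", "write" or "policy_change"


def _t(text):
    return datetime.fromisoformat(text)


# Constructed sample data.
ACCOUNTS = [
    Account("alice", _t("2013-01-10T09:00"), None),
    Account("bob", _t("2013-01-12T09:00"), _t("2013-03-01T17:00")),
    Account("carol", _t("2013-02-01T09:00"), None),
]
GRANTS = [
    Grant("alice", "vm-web", "admin", _t("2013-01-10T09:05"), None),
    Grant("bob", "vm-web", "user", _t("2013-01-12T09:05"), _t("2013-03-01T17:00")),
    Grant("bob", "storage-1", "admin", _t("2013-01-15T10:00"), None),
    Grant("carol", "vm-web", "user", _t("2013-02-01T09:05"), None),
]
EVENTS = [
    Event(_t("2013-02-20T11:00"), "bob", "storage-1", "policy_change"),
    Event(_t("2013-03-05T02:14"), "bob", "storage-1", "read"),
    Event(_t("2013-03-06T10:00"), "carol", "vm-web", "policy_change"),
    Event(_t("2013-03-06T10:30"), "alice", "vm-web", "policy_change"),
    Event(_t("2013-03-07T08:00"), "dave", "vm-web", "read"),
]


def orphaned_grants(accounts, grants):
    """Grants still active although the account is de-registered or unknown."""
    by_user = {a.user: a for a in accounts}
    found = []
    for g in grants:
        account = by_user.get(g.user)
        gone = account is None or account.deregistered is not None
        if gone and g.revoked is None:
            found.append(g)
    return found


def access_outside_lifecycle(accounts, events):
    """Events before sign-up, after de-registration, or by unknown users."""
    by_user = {a.user: a for a in accounts}
    found = []
    for e in events:
        account = by_user.get(e.user)
        if account is None or e.when < account.registered:
            found.append(e)
        elif account.deregistered is not None and e.when >= account.deregistered:
            found.append(e)
    return found


def unprivileged_policy_changes(grants, events):
    """Policy changes made without an admin grant active at that moment."""
    found = []
    for e in events:
        if e.action != "policy_change":
            continue
        is_admin = any(
            g.user == e.user and g.resource == e.resource and g.role == "admin"
            and g.granted <= e.when and (g.revoked is None or e.when < g.revoked)
            for g in grants
        )
        if not is_admin:
            found.append(e)
    return found
```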
B. Countermeasure and fast response
A common point in IT and cloud network security is the investigation of possible problems and threats that
can enter the system, but more important is implementing the specific response each problem
requires. The cloud is set up on a group of specialized storage devices, led by a custom high-distribution
coordinator, and is available 24/7. For flexibility, scalability and efficient use of resources, cloud
vendors must produce solutions to almost any problem they face, in areas with great adaptability
and workload analysis. [20]
1) Partitioning
For workloads that span multiple nodes, data must be partitioned in order to maximize
transactions and improve performance. The main goal is to minimize the chance that a transaction has to
enter multiple nodes to produce its answer. [25]
2) Migration
A cloud’s main objective is flexibility. In the “cloudpedia” this means concentrating
more resources on the components that need them. A challenge for database programs is that large amounts
of data have to be transferred properly to other locations. In migration, the method works by predicting
the adaptation time, for example the partitioning time, and breaking data into smaller parts in order to
maintain transactions while simultaneously moving them. [25]
3) Workload Analysis and Allocation
For better collaboration between virtual machines and their workloads, it is essential to analyze and
classify the resources required in order to estimate the memory allocation of the virtual machine.
[25]
C. Trace of user’s behavior
Since most problems appear due to users’ novice knowledge of clouds and their mistakes, methods of
tracing a user’s identity and origin have already been implemented. Every cloud vendor knows a user’s
unique identity and can easily investigate his behavior. To maximize security, users’ behavior
has to be monitored by background programs for criminal actions. Every suspicious move will be
traced and will result in a warning or even a ban for the user, according to the level of the act. In fact, monitors
of this kind have been used in IT environments, such as with TCP protocols, for many decades. A good start would be to
implement them on cloud servers as well. [20] [25]
1.2.4 SECURITY MODELS – A PROACTIVE METHODOLOGY
Based on the security model of Prashant Srivastana, Satyam Singh et al a proactive methodology is
described to improve the security aspects within a cloud environment. [6]
The steps of this proactive methodology are listed in order of implementation:
• Create a detailed Cloud Policy.
• Identify a compatible Cloud Service Provider based on the Cloud Policy above.
• Draft a detailed Service Level Agreement with provisions for monitoring of the Cloud Service Provider
network and services.
• Continuous monitoring by the Security Cloud for policy violation.
• The feedback is used to refine the Cloud Policy according to the emerging technology trends and
solutions.
The details on the creation of the Cloud Policy and the Security Cloud are described in the later
sections. [6]
A. Security Cloud Policy
Every cloud environment has its own methods and protocols for management and security. Public
clouds are the most vulnerable to threats, and sometimes they act as a third party in the form of
the CSP (Cloud Service Provider). IT companies are assigned to build custom-made
security models for cloud providers. [6]
The security cloud policy aims to set a specific goal for every cloud service. It maps the exact security
requirements and adopts them. Separate, “special” cloud policies that are hidden and accessible
only to IT managers have more benefits, as they can specify all the security issues of the organization
without contributions. [6]
B. Creating the Security Cloud Policy
• Privileged user access: The cloud provider must acknowledge that administrators and managers should
have HR experience as well.
• Regulatory Compliance: The provider has to allow third-party audits for regulatory
issues. Data logs should also be included.
• Data Location: Independence from data location is one of the reasons the cloud was created. The provider
must set boundaries on data that exceed their limit for better control.
• Data Segregation: Cloud specialists have to be able to investigate encrypted files so they can classify
them as safe or threatening. The cloud provider must use standard encryption.
• Recovery: A Business Continuity Plan must be provided to cover the case of data being destroyed, in
order to recover from severe incidents. A guaranteed time must be included.
• Investigative Support: Investigating illegal activity in a cloud environment is difficult. Even
experts sometimes cannot pinpoint criminal behavior. Requests to outside investigative companies
can be helpful.
• Long Term Viability: In case of mergers, a clear mandate has to assure clients of what happens to
their data.
• Data Management: This section has to determine teams, privileges, management policies, etc.
Details can be performed and revealed transparently.
• Application security: The application layer should be tested for security concerns. The provider has to set
the security requirements and features for the developers and the security team.
• Security model of cloud provider interfaces: The APIs must be supported by a strong security
model.
• Provider HR Policy: It is essential to analyze the human resources policy of the cloud provider.
• Secure data deletion: Attackers can always apply hacking effort to discarded data and obtain useful
information. Therefore, providers have to assure persistent data deletion.
• Information from Provider: The provider must supply the other company teams with useful logs
and datagrams in order to check risk criteria. [26] [27]
C. Security Cloud
• Monitoring public blacklists for one’s own network blocks: 24-hour checks have to be
performed between the Cloud Service Provider and public blacklists. Companies using cloud
systems do not want their service to end up in spam activity or a DDoS situation.
• Vulnerability Assessment: The current health of the provided network has to be
checked and confirmed for network resources via automated software tools.
• Penetration Testing: Tools that penetrate the network should be used, but under close
supervision so as not to lose connection and leave clients with a limited network. Open
source penetration testing frameworks include OSSTMM, etc.
• Log Analysis: Following the cloud policy requirements, the Cloud Service Provider has to perform
checks and tests and report any issue or gap to the management team.
• Host Based Intrusion Prevention System: In the IaaS delivery model, only storage and basic
networking are provided. It is expected that the client will provide the OS and apps. A HIPS (Host
Based Intrusion Prevention System) can be used for security reasons. These results lead to an
effective system. [6]
The Security Cloud model is effective for private cloud models but is always tied to the company’s
security policy. Besides testing, scanning and penetration, it can check password
weakness offline with well-known deciphering programs. [6]
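The first Security Cloud task above, checking one's own network blocks against public blacklists, can be sketched as follows. This is an added example, not from the thesis or from [6]; the feed format is an assumption and all addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed values: documentation address ranges stand in for real blocks.
OWN_BLOCKS = ["203.0.113.0/24", "2001:db8:10::/48"]

# Constructed feed in an assumed "<address or CIDR> ; <reason>" format.
FEED = """\
# sample blacklist export
192.0.2.55 ; spam
203.0.113.77 ; spam
203.0.113.128/25 ; ddos-source
198.51.100.0/24 ; botnet
2001:db8:10:1::25 ; spam
203.0.112.0/23 ; open-relay
not-an-address ; spam
"""


def parse_feed(text):
    """Return (entries, rejected); entries are (network, reason) pairs."""
    entries, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, _, reason = line.partition(";")
        try:
            # strict=False accepts single hosts and CIDRs with host bits set.
            network = ipaddress.ip_network(address.strip(), strict=False)
        except ValueError:
            # Keep malformed lines visible instead of silently dropping them.
            rejected.append(address.strip())
            continue
        entries.append((network, reason.strip()))
    return entries, rejected


def find_listings(own_blocks, entries):
    """Map each of our blocks to the feed entries that touch it.

    overlaps() also catches a listed supernet that contains our whole block,
    which a plain "is this address inside my block" test would miss.
    """
    findings = {}
    for block_text in own_blocks:
        block = ipaddress.ip_network(block_text)
        hits = []
        for network, reason in entries:
            if network.version == block.version and network.overlaps(block):
                hits.append((str(network), reason))
        findings[block_text] = hits
    return findings


def new_since(previous, current):
    """Listings present in this run but absent from the previous run."""
    fresh = {}
    for block, hits in current.items():
        added = [hit for hit in hits if hit not in previous.get(block, [])]
        if added:
            fresh[block] = added
    return fresh


if __name__ == "__main__":
    parsed, bad_lines = parse_feed(FEED)
    for block, hits in find_listings(OWN_BLOCKS, parsed).items():
        print(block, hits)
    print("unparsed feed lines:", bad_lines)
```

Comparing each run with the previous one through `new_since` lets the daily check alert only on listings that have just appeared.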
Figure 6 "Architecture based on proactive methodology" – [6]
1.2.5 EVALUATION
The problem with private clouds is that they are often underutilized until they become part of a larger environment.
They train a company’s cloud developers and administrators, giving them key insight
into cloud architecture, while avoiding exposing the company to the threats of implementing a public cloud.
The Security Cloud model provides security solutions not only for the public cloud but also for private
infrastructure. Penetration testing and vulnerability scanning improve the overall performance.
Public cloud providers guarantee results in addition to a good cloud policy. To achieve high
security and defense, cloud providers strictly monitor the whole system 24/7. Finally, updates to
a company’s cloud policy prepare the company and reduce its chances of being attacked by the latest
security threats.
ANALYSIS
2.1 SYSTEM REQUIREMENTS
According to the ISO 7498-2 standard, created by the International Standards Organization (ISO),
information security should be managed in a way that covers all points and themes. Standards of this type
should also be created for cloud computing security to make it a stable system. The requirements are
listed below:
I. Identification & authentication
Depending on the type and delivery model of a cloud, specific users must first gain stable access to the
system according to their supplementary priorities, after which permissions may be granted. The
aim of this process is to secure user verification by applying username and password protection to every cloud
profile. [4]
II. Authorization
Authorization is one of the key elements in the security requirements of a cloud environment, so that it can
maintain referential integrity. This requirement sets up the rules of control and privileges over the
processes taking place in the cloud. The system administrator is the system maintainer of a private cloud. [4]
III. Confidentiality
Cloud computing is tied to requirements such as trust and confidentiality because users’ data is
stored and transferred via multiple foreign databases. This is essential when adding a public cloud
to your cloud, because of the characteristics of the public cloud. Confidentiality and protection of
users’ profiles and data that have virtual access allow information security protocols
to be enforced at different layers of cloud applications. [4]
IV. Integrity
To maintain the integrity of user data, users have to apply due diligence when accessing their
data. Therefore the ACID properties (Atomicity, Consistency, Isolation and Durability) must
be enforced across all cloud networks, services and delivery models. [4]
V. Non-repudiation
This requirement can be met by implementing e-commerce security protocols and
token provisioning for data transmission inside cloud applications, such as digital signatures, timestamps
and confirmation receipt services (digital receipting of messages confirming data sent/received). [4]
A. Security
High security issues are usually tied to problems with virtual environments, which run virtual
components like supervisors that control the virtual communication. Companies that have IT and
management teams can implement their own security policies to achieve identity verification. Therefore
organizations must choose the correct cloud service according to its unique mechanisms. It is mandatory
to avoid malfunctions such as cloud providers’ debility of accessing the users’ data. This becomes a
problem because, due to the cloud’s range of structure, the computation and communication costs
of also implementing high security are extremely high. [28] [29]
B. Privacy
Organizations find it hard to trust cloud environments to manage and store their sensitive data.
Indeed, data privacy is a major problem but also a requirement that is still under investigation. Users
are not yet allowed to know the exact geographic location of their data. This results in ethical and
regulatory issues that differ from country to country. Because of these concerns, providers have to give
consumers the necessary guarantees. To summarize, protection must be applied to user data such that
providers cannot access it. [30] [31]
C. Availability
Availability is the most critical of the security requirements of a cloud infrastructure, because it is
the basic factor in deciding which type of cloud (private, public or hybrid) and delivery model
vendors should install. The SLA is the most important document to refer to regarding availability
in cloud architecture between client and provider. Most organizations place high demands on
availability because of their demand for computing resources. Many organizations’ operations are tied
to the use of resources and operations that are stored in the cloud, for example banking or financial
organizations. Many failures of cloud systems have been reported recently, due to security attacks and natural
disasters, and cloud providers must find solutions and ensure that they are able to manage such problems
and maintain business continuity for their services. So the ability to recover from such events is a major factor
when people choose between cloud providers. [32] [33]
D. Auditing
Audits are ordinary and spare mechanisms that run in several organizations. They monitor and record all
the operations within the system and keep a log of each activity. Appropriate auditing mechanisms
for the cloud have not been published yet. The issue is that auditing programs built into a cloud
system affect its storage, performance and availability. Also, engaging other companies to monitor a
cloud system’s data with specially designed cloud auditing programs can seriously damage the trust of
major corporate customers. [33]
E. Flexibility
Business customers often change their requirements according to their needs, so cloud providers have to
maintain a flexible cloud system in order to deal with requirements like this. Cloud computing providers have
to offer businesses flexible plans. Cloud computing companies with high flexibility can attract
dynamic organizations where new services and demands are continuously requested. [34]
F. Archiving
Archiving is used to store data that is not in use at the moment but may be used in the future.
Keeping such data means having large storage and resources not only for the data but also for its backup.
This results in additional service costs. This requirement is a strong feature for cloud providers
facing great competition. [34]
G. Quality of Service
Service customers and application users need high QoS for their operations. In this case, cloud
environments have to be equipped with parameters and policies that vary for each customer type. These
agreements are usually placed in the SLA(s). “QoS-based resource allocation mechanisms support
different SLA(s)”. [Eileen Marie Hanna, Nader Mohamed, 2012] Because times change and businesses are
dynamic, cloud service providers must not maintain a static QoS policy but a hybrid one that lets
customers set and change parameters according to their needs. [34]
| Requirement | Governmental Applications | Large-Scale Computations | Financial Services | Healthcare Applications | Online Entertainment |
|---|---|---|---|---|---|
| Archiving | High | Low/Medium | High | High | Medium |
| Audit | High | Low | High | High | Low |
| Availability | Medium/High | Medium | High | High | High |
| Flexibility | Medium | Low | High | Medium | Low |
| Privacy | High | Low | High | High | Low |
| Security | High | Low | High | High | Medium |
| QoS | Medium | Medium | Medium | Medium | High |
| Scalability | Medium | High | Medium | Medium | High |
TABLE 1 – REQUIREMENTS SUMMARY [34] (Hanna et al., 2012)
2.2 MANAGEMENT EXAMPLE USE CASES
Business client travelling: In this use case a business client with a business partnership travels
abroad with portable devices (laptop, smartphone, etc.) and uses them to access one of the
virtual machines provided by the service provider, which is normally within the cloud system. The service
user (the businessman) states specific security demands according to the company he works
for. An example of a security demand is that the virtual resources must be located in Australia or
Europe and must follow the “ISO 27001:500” certification. [ISO/IEC 27001:500 - Information security
management systems - Requirements, 2011.] [1]
If the businessman travels to Australia, the service provider is instructed to move the virtual
resources to that country and keep latency low. This transfer has to be done with caution and always
within the terms of agreement of the security demands (ISO 27001:500 certified). Whenever the
service user travels to a country other than those included in the service agreement, the service
provider will not transfer the virtual resources. [1]
35
Cheap Storage and Processing: The main actor of this use case is a service user interested in cheap processing and storage resources, for example a small business that needs intensive calculations such as video rendering. The service user’s constraint is that the service must be operated in a data center at the lowest price. Latency is not an important factor in this use case. For that reason the Service Provider (SP) takes the cheapest virtual infrastructure provider that meets the constraints of the service user (SU). If processing takes longer, the SP can move the task to another infrastructure provider that is cheaper than the first one. Price differences can be due to the current workload (for example different time zones or energy prices). [1]
2.3 CLOUD MANAGEMENT
2.3.1 MANAGEMENT ROLES
Service User: A service user is the client of a cloud computing system who pays for access to the infrastructure of the cloud. This person is authorized to use cloud resources by permission gained from the service provider. This is managed through a request mechanism. [1]
Service Provider: Service providers are the ones that provide services to the service users. They are responsible for mapping the requests and the security constraints of the service user to the infrastructure provider. This is a difficult and delicate task, as the service provider has to deliver the service user’s security demands. Service providers also take the role of the virtual infrastructure provider. [1]
Virtual Infrastructure Provider: Virtual infrastructure providers are the ones that provide virtual IT infrastructure on which services can be installed. Service providers use the virtual infrastructure for their services. The VIP (Virtual Infrastructure Provider) owns the hardware on which the virtual machines run. [1]
Virtual Resource: Virtual resources are virtual processing, storage or network entities that are located on the physical resources of the virtual infrastructure provider. [1]
2.3.2 ARCHITECTURE AND FUNCTIONS
The architecture consists of three functional teams: the service team, the service provider, and the virtual infrastructure.
• Service User Functions
REQUEST OF VIRTUAL RESOURCES
In simple architectures, used here for ease of understanding, a service user/client can request virtual resources (software, memory, data, etc.) from the service provider. The request consists of a variety of goals such as the type of resource, the quantity, optimization parameters like price and latency demands, and finally security goals. Security goals can be translated on the service user side with the aid of translation tools. [1]
• Service Provider Functions
REQUEST OF VIRTUAL RESOURCES
The service provider may sound like the party that only fulfils the requests it receives, but it also has a requesting function of its own: it requests virtual resources from the virtual infrastructure provider(s). Before this procedure is completed, the service provider examines and reports all the security parameters of the service user to the virtual infrastructure provider. Only if the virtual infrastructure provider allows the offer to the service user can the service provider request these resources. The goals of this request function are the same as the goals of the service user’s request. [1]
DELIVER VIRTUAL RESOURCES
After receiving permission to access the virtual resources from the virtual infrastructure provider, the service provider gives access to the service user.
• Virtual Infrastructure Provider Functions
OFFER VIRTUAL RESOURCES AND SECURITY CONSTRAINTS
The virtual infrastructure provider offers virtual resources and security functions to the service provider.
INVOKE VIRTUAL RESOURCES AND SECURITY CONSTRAINTS
“In case that the virtual infrastructure provider receive request for virtual resources from the service
provider, he/she invokes the virtual resources and activates the requested security functionalities.”
(Fusenig and Sharma, 2012)
DELIVER VIRTUAL RESOURCES
After having invoked the virtual resources and security constraints, the virtual infrastructure provider gives the service provider access to the resources.
Figure 7 "Architecture and security functions”
2.3.3 UTILIZATION
Utilization of the security architecture and functions can be shown by implementing the second use case, where the service user requests cheap processing and storage resources. [1]
At first glance, the virtual infrastructure providers VP1 and VP2 offer access to security functions and virtual resources to the service provider. VP1 provides storage resources with Advanced Encryption Standard (AES) encryption and a key length of 256 bit as a security parameter. VP2 offers the same, but with the Data Encryption Standard (DES) encryption system, which supports only a 56 bit key length. [1]
The SU (service user) requests access to virtual resources from the service provider. The SU demands 100GB of storage that is AES-encrypted with a key length of 128 bit.
VP1 invokes the virtual resource by allocating 100GB of storage, encrypting it with the AES encryption system with a 128 bit key length, and then delivers access to the service provider. The service provider forwards it to the service user. [1]
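The selection step described above, together with the relocation rule from the business-traveller use case in 2.2, sketched as an added Python example (not code from the thesis or from Fusenig and Sharma). Only VP1, VP2, the ciphers, the key lengths and the 100GB request come from the text; the prices, regions, free capacity and the third provider VP3 are constructed for illustration.

```python
from dataclasses import dataclass

# Key lengths each cipher can be configured with (per the AES and DES standards).
VALID_KEY_BITS = {"AES": (128, 192, 256), "DES": (56,)}


@dataclass(frozen=True)
class Offer:
    """What a virtual infrastructure provider (VP) advertises to the SP."""
    provider: str
    cipher: str
    max_key_bits: int
    region: str                  # constructed value
    certifications: frozenset    # constructed value
    price_per_gb: float          # constructed value
    free_gb: int                 # constructed value


@dataclass(frozen=True)
class Request:
    """What the service user (SU) sends to the service provider (SP)."""
    storage_gb: int
    cipher: str
    key_bits: int
    allowed_regions: frozenset = frozenset()  # empty set = no location constraint
    required_certs: frozenset = frozenset()


def violations(offer, req):
    """Return every constraint this offer fails; an empty list means acceptable."""
    problems = []
    if offer.cipher != req.cipher:
        problems.append(f"cipher {offer.cipher} does not match requested {req.cipher}")
    elif (req.key_bits not in VALID_KEY_BITS.get(offer.cipher, ())
          or req.key_bits > offer.max_key_bits):
        problems.append(f"{req.key_bits}-bit {req.cipher} key not available")
    if req.allowed_regions and offer.region not in req.allowed_regions:
        problems.append(f"region {offer.region} not allowed")
    missing = req.required_certs - offer.certifications
    if missing:
        problems.append("missing certification: " + ", ".join(sorted(missing)))
    if offer.free_gb < req.storage_gb:
        problems.append("not enough free storage")
    return problems


def select_offer(offers, req):
    """SP step: security constraints filter first, price only ranks the survivors."""
    accepted, rejected = [], {}
    for offer in offers:
        problems = violations(offer, req)
        if problems:
            rejected[offer.provider] = problems  # kept for the audit trail
        else:
            accepted.append(offer)
    best = min(accepted, key=lambda o: o.price_per_gb, default=None)
    return best, rejected


def relocate(current, offers, req, user_country):
    """Use case 1: follow the traveller only into regions named in the agreement."""
    if user_country not in req.allowed_regions:
        return current  # outside the agreement: resources stay where they are
    local = [o for o in offers if o.region == user_country]
    best, _ = select_offer(local, req)
    return best if best is not None else current


ISO = "ISO 27001:500"  # certification label exactly as the thesis writes it
OFFERS = [
    Offer("VP1", "AES", 256, "Europe", frozenset({ISO}), 0.05, 500),
    Offer("VP2", "DES", 56, "Europe", frozenset(), 0.02, 500),   # cheapest, but DES
    Offer("VP3", "AES", 256, "Australia", frozenset({ISO}), 0.08, 500),  # hypothetical
]
CHEAP_STORAGE = Request(storage_gb=100, cipher="AES", key_bits=128)
TRAVELLER = Request(100, "AES", 128, frozenset({"Australia", "Europe"}), frozenset({ISO}))

if __name__ == "__main__":
    best, rejected = select_offer(OFFERS, CHEAP_STORAGE)
    print("chosen:", best.provider, "| rejected:", rejected)
    print("user in Australia ->", relocate(best, OFFERS, TRAVELLER, "Australia").provider)
    print("user in Brazil    ->", relocate(best, OFFERS, TRAVELLER, "Brazil").provider)
```

VP2 is the cheapest offer here and is still rejected, because the price ranking only runs over offers that already satisfy every security constraint.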
DESIGN AND IMPLEMENTATION
For the implementation part of the project it is assumed that there is an SP (Service Provider) that renders the cloud; for the purposes of the implementation this is the desktop computer environment. Clients have to exist for a cloud to work as intended, and in the implementation use cases the client connects through a netbook.
Figure 8 "Netbook"
“Acer net book” used for client purposes: login on the cloud renderer and use of its capabilities.
- DDR2 533 MHz SDRAM memory interface design
- Intel® Atom™ processor N270 (1.60 GHz, 533 MHz FSB, 512 KB L2 cache)
- Windows XP® Pro
Figure 9 "PC as Cloud Server"
Desktop computer manufactured in “Multirama”, used for the cloud rendering and server purposes, administration login and security constraints.
- DDR3 1333 MHz SDRAM memory interface design, 4.00GB
- Pentium Dual-Core CPU E5700 @ 3.00GHz
- Windows 7® Ultimate Edition
Figure 10 "Access Point"
“Pirelli” Router Access Point with wireless capabilities up to 24Mbps.
3.1 TONIDO CLOUD VENDOR – USE CASE
Tonido Desktop© gives you the ability to run your own cloud server on any machine. This means that the machine acting as the server can be online and be accessed from any computer, laptop, tablet, etc. worldwide. Its installation and use are very easy and are explained below with the use of screenshots.
This software is used to create the cloud vendor on the desktop machine so that it acts as a service provider. Security constraints then have to be put in place so that the server is secure and privacy is maintained, as these are the requirements of a secure cloud environment. “Every illustration of the software and software rights belong to the respective owners of Tonido©, Codelathe LLC, and are only used for educational purposes”.
3.1.1 INSTALLATION
This part explains, through captured images, the process of installing the cloud server of “Tonido Rendering software”.
Access to the webpage
Figure 11 "Image shows the official webpage from which the cloud server can be downloaded; Desktop is chosen”
“http://www.tonido.com/tonidodesktop_downloads/ - 05-05-2013”
Installation Steps
Figure 12 "Installation Part 1”, Figure 13 "Installation Part 2”
Figure 14 "Installation Part 3”, Figure 15 "Installation Part 4"
After following the previous steps, Tonido is successfully installed and can be launched. A small sun-shaped icon appears at the bottom of the screen (right corner, next to the clock in the taskbar). A grey icon means that the server is offline; a yellow one means that the server is online.
Figure 16 "Account Creation"
“Figure 16, this image shows the account creation of the server; a strong password and an account name are required, as these are the administrator’s credentials. These can be changed in the future through the settings tab. Account name: CloudCompSecure and Password:123pedianyc456 ”.
3.1.2 FEATURES
Getting started tab
Figure 18 "Welcome Tab"
Figure 17, this particular getting started tab ensures security within the server, even in the free edition.
Figure 17 "Tonido Homepage"
Figure 18, the picture below shows the home page of the server and sorts the functions of the user.
Summary Information Status
Figure 19 "Summary Information"
“Figure 19, this image shows the status information of the server. It is essential for every administrator, as it can even be used to check for security gaps, for example the total files transferred, in case more files were transferred than should have been.”
Downloading files
Figure 20 "File Download"
“Figure 20, this image was captured from the client (net book), logged in as administrator. It shows that the server is available and online and that any device can access it and connect using the administrator account name and password. The client managed to download the file successfully.”
Application list
Figure 21 "Application list"
“Figure 21, this image shows the application list of 3rd party applications installed. Backup application
was installed for security purposes.”
Adding up guest accounts
Figure 22 "Guest"
This section on guest accounts shows how the admin can manage the guest users (clients). The admin can add an account name and password of their own choosing to the server and then offer them to the client. The client can then log in with these, but always according to the permissions the administrator has granted.
Figure 23 "Guest #2"
“Figure 23, username for client is nycpedia and password: 123456789”
Figure 24 "Guest #3"
Configuring the guest shared folders and permissions
Figure 25 "Configuring shared folders”
Figure 26 "Privileges”
Figure 25 and Figure 26, these photos illustrate the configuration for the privacy of the shared folders. In Figure 25, a root on C:\Users\Pavlo\Documents has been added to the shared folders with the name Documents.
Figure 26 at the right shows the read and access permission for the “nycpedia” user account. In this case the user is allowed.
Guest Login
Figure 27 "Guest Log in”
Figure 28 "Guest homepage”
Figure 27 – Guest Sign In and Figure 28 Guest Homepage. These images show the guest sign-in method. After the guest signs in, he can access only the folders the administrator allows, which in this case is the Documents folder.
3.1.3 IMPLEMENTING SECURITY
Security constraint #1 – Access to folders
Figure 29 "Allowed folders setup”
Figure 30 "Browsing for the allowed folder”
This security constraint gives the administrator the ability to choose which folders are public and which are private. Every cloud environment has such functions so that no user can access folders that are not theirs or system files. The administrator can check this through the permissions.
Security constraint #2 – Activity check
Figure 31 "Activity log”
Figure 31, this image shows the administrator’s ability to check the activity on the cloud server.
Security constraint #3 – Backup Records
One major cloud requirement is the backup plan. Every cloud system should have a backup application and storage for essential files and data. The image below illustrates the backup application of the server.
Figure 32 "Backup Records”
Security constraint #4 – History logs
Figure 33 "History logs”
This security constraint informs the service provider of every action performed within the shared folders of the system.
Security constraint #5 – Troubleshooting logs
The logs shown in the following pictures are more advanced, as the downloaded .txt file contains programming code and high-level language that only administrators can understand. These logs show information about the system; they range over information, trace, debug, notice, warning, error, critical and fatal logs which, depending on the subject, are filled with information useful to the administration.
Figure 34 "Information log and download tab”
Figure 35 "Variety of troubleshooting logs”
Security constraint #6 – Relay Settings
Figure 36 "Relay settings enabled”
Security constraint #7 – Remote Login Question Authentication
Figure 37 "Remote login configuration”
Figure 38 "Remote login configuration #2”
This security constraint enables an authentication question for the client accessing the server remotely. After the login, the user has to answer an authentication question that the administrator has set. The Remote Question in this case is “University of?” and the Remote Answer is “Greenwich”.
Security constraint #8 – SSL enabled
Figure 39 "SSL enabled”
Security constraint #9 – WAN to LAN security and better performance
Figure 40 "Enable WAN2LAN Re-direct”
When devices connect to the cloud server through the LAN, they are switched from WAN to LAN and get better performance and enhanced speed.
Security constraint #10 – IP filtering
Figure 41 "IP Filter”
The previous image shows that the Tonido settings give the administrator of the cloud server the right to grant access to or block IP ranges. This can block ‘dangerous or suspicious’ IP addresses from accessing the login webpage.
3.2 OWNCLOUD VENDOR - USE CASE
The “ownCloud” cloud software is open-source software which can be used for private as well as educational and business purposes. In this part, ownCloud will be used as a use case, like Tonido, to explain the steps of installing open-source cloud vendors and implementing their security.
This software is published for all OS and programming languages. It can be downloaded from http://owncloud.org and installed completely free. The software team provides files for Windows installation as CMS, for Linux and Unix-based machines, and also as PHP files.
“For the installation of “ownCloud”, the following must be installed on the machine:
• Wampserver (it includes apache server, phpmyadmin, and mysql)
• Visual C++
• Notepad++
Once installed, “wampserver” with apache should be started first, running at port 80.”
3.2.1 INSTALLATION
WAMPSERVER and APACHE
Figure 42 "WAMPSERVER"
“Figure 42 – WAMPSERVER 2.2 running offline. Apache, PHP and MySQL set on” This picture shows the desktop of the server, which runs the wampserver and apache at port 80.
ownCloud files list downloaded
Figure 43 "files in the .rar folder of the downloaded ownCloud setup”
While wampserver is running with apache on, the files of the ownCloud server must be copied to the directory of the wampserver under the ‘www’ folder. In this case the directory is “E:\Wampserver\wamp\www\owncloud”.
After copying is complete, ownCloud is installed successfully. One last thing to do is to set up phpMyAdmin at “http://localhost/phpmyadmin”, where a new user must be created with the host name localhost and a password. This will be used later for the MySQL database in the ownCloud configuration.
phpMyAdmin configuration
Figure 44 "Configuring phpMyAdmin”
After this configuration, the ownCloud setup is complete and it can safely be opened locally at
http://localhost/owncloud or http://127.0.0.1/owncloud .
Account creation and administrative rights
Figure 45 "Admin creation and Database connection”
Commands:
- Admin and password of choice
Database Configuration
- Root
- *Password used at phpmyadmin
- Owncloud
- localhost
ownCloud login
Figure 46 "Login page”
3.2.2 IMPLEMENTING SECURITY
Account creation for client users
Figure 47 "Account management”
The previous figure shows that accounts can be created by the administrator. The administrator knows all the passwords and can sort accounts into different groups according to privileges; storage can also be set according to the client’s choice. Account creation and sorting enhance security in that the admin chooses the privileges users have and keeps important system files away from their cloud environment.
Security settings
Figure 48 "Security settings”
As in Tonido Desktop, ownCloud provides options on whether the admin will enable the share API, links and resharing. Security can be enforced using HTTPS, which encrypts the connection. Log files of several kinds are offered to inform the administrator of any change that has been made to the system.
TESTING
Testing is the section where security is tested for proper functioning. The most basic and important security constraints have to be tested and the results explained. The testing is carried out on the client machine (netbook), with the cloud server on the desktop machine.
4.1 TONIDO SECURITY TESTING
Security Test #1 - Allowed folders for guest accounts
Figure 49 “Allowed folder”
The image shows the homepage of a guest user (client) that has already logged in to the cloud server. In the implementation section the administrator made only the ‘Documents’ folder accessible to the nycpedia account. The ‘nycpedia’ client can access only the Documents folder, so the other files of the system are secured and protected from irresponsible control.
Security Test #2 – Activity Status
The following image shows the administrator login (cloudcompsecure logged in) and the time of that event. The account ‘nycpedia’ refers to the client user that has logged in via the client machine (netbook), and backup app is the application installed on the cloud system. Applications that are installed or launched are listed in the activity log, which informs the administrator. The administrator can thus detect a malfunctioning automated app installation or even hackers trying to install a malware application on the system.
Figure 50 “Activity log”
Security Test #3 – History Log
Figure 51 “History Log”
The previous image shows that the nycpedia user has entered the ‘Document’ folder and downloaded the ‘cc.txt’ file of 270 bytes on 05 May 2013. This keeps the administrator up to date on what is going on in the system and allows the user’s activities to be traced.
Security Test #4 – Remote Question
Figure 52 “Showing remote question and answer”
This image tests whether the additional security question appears when the cloud is accessed remotely. The administrator who wants to log in remotely must also answer the remote question; otherwise the system will not grant him access and he will have to log in only from the server location.
Security Test #5 – HTTPS encryption
This test aims to prove that HTTPS is enabled and that the connection is encrypted with HTTP security. The results are positive, as proved by the illustration in Figure 53.
Figure 53 “HTTPS enabled successfully”
Security Test #6 – Troubleshooting Log
The troubleshooting log* is a log the system creates for more advanced users such as the administrator; only he/she or the IT team can access and read it. This log contains all the useful information about the system, the status of the server and all the system activities.
*The log is provided in the appendix section at the end of the project. No screenshot is required as evidence.
CONCLUSION
In conclusion, many topics were read for the completion of this project in order to produce this work. Education starts by first teaching students how to use the alphabet; after this major step, students learn how to form words and then make logical sentences. In this project, the same method was used.
To begin with, an introduction guided the reader through words and technical terms that were defined afterwards, so that they could be understood before proceeding to more advanced sections. In the introduction section, the term ‘cloud’ was defined as well as ‘security’, and the scope from which the reader should approach this project was clearly set out. The introduction also included the delivery models, the cloud architectures, threats, existing solutions and methodologies. The second major part of the introduction was the literature review, which was based on a white paper published in 2011. This paper included all the latest security tools and models for cloud environments, and a review was given for each of them.
The second part of the project was the analysis section. In this section, topics like system requirements and cloud management were investigated. The system requirements topic is essential as it describes the main considerations cloud providers should have when creating cloud environments. Every system has goals and requirements. In order to maintain a complex system like a cloud, management teams have to be set up and assigned privileges, so this section analyzed the main roles and functions management teams must have.
The implementation and testing sections make up the second half of the project. In this section, two open-source cloud vendors were chosen to be tested, ‘Tonido Desktop’ and ‘ownCloud’. The implementation section aims to present the installation, main features and security of those cloud servers. The installation, the implementation of security in those programs and their main functions were described and illustrated via figures and screenshots. A desktop machine was chosen for the cloud server role and a netbook for the cloud client. The testing section focuses on testing the correct implementation of the security on the cloud servers and proves full functionality.
The aim of this project is to explain the definition of the cloud theoretically, to familiarize the reader with such terms step by step, and to teach keeping security in scope. The security threats and solutions have been covered along with a proactive methodology for more advanced cloud implementers. Security considerations have been highlighted in the analysis section. The installation and testing of the cloud servers (Tonido and ownCloud) focused on teaching the reader how to examine the security of a cloud system and which security concerns to focus on.
PERSONAL REFLECTION
The final year project gave the opportunity to choose, amongst all the topics in computer engineering, the one that is most interesting for the student, and makes him/her responsible for it so that he/she keeps researching it. This project gave knowledge of a new system that is not included in any lesson during the course. This results in gaining more knowledge in the computer science field and good preparation for future use and personal development. Responsibility is the key value of an IT engineer: in order to succeed in his or her career, he or she has to be well prepared, handle time management such as keeping to deadlines, and carefully manage the security of systems. This project gives the opportunity to research an ‘unknown’ field like cloud computing and, by understanding it, to proceed to the hardest part of implementing security. It gives you not only responsibility for work and time management but also an ethical lesson on not plagiarizing others’ work, by learning how to reference other writers’ work properly. Software graphical skills were developed, as it was necessary to create our own illustrations and sequence diagrams. Proper Harvard referencing has been learned and improved. Proper thesis writing experience has been gained, as it had not been demanded in the past. Other writers’ work has been read carefully and with respect, and no wrong conclusions were drawn from it. Experience in finding trustworthy sources has been gained, and trusted sources from libraries and online library databases have been used for the completion of this project.
One drawback of this project is that it turned out to be more theoretical. Another is that it could have led to a better result if the testing of ‘ownCloud’ could have been carried out. This could not be implemented, as it could not be published to the client user and be online. Had the security testing of this cloud server been completed, there would also be a comparison between the security of these two cloud servers. Another drawback is that the security tools mentioned in the literature review were not built into the system, as they were only developed in theory and the other ones that were produced were not open-source or in trial mode, and therefore they could not be used inside the cloud servers for implementation and better security performance. Theoretically, if these tools for data forensics, login token certification, etc. were used in a real cloud environment, security would be much more strongly enforced.
APPENDIX
18:25:31:349 [1] [AppStarter]:T: ***********STARTING*****TONIDO**********
18:25:31:350 [1] [AppStarter]:I: Tonido Working Directory: C:\Users\Pavlo\AppData\Roaming\Tonido
18:25:31:350 [1] [AppStarter]:I: Running on OS : Windows NT
18:25:31:350 [1] [AppStarter]:I: Running on OS Version : 6.1 (Build 7601: Service Pack 1)
18:25:31:350 [1] [AppStarter]:I: Running on OS Arch : IA32
18:25:31:350 [1] [AppStarter]:I: Running System Version : 3.66.0.23160
18:25:31:350 [1] [AppStarter]:I: Running Message Version : 0.0.0.1
18:25:31:350 [1] [AppStarter]:I: Built on : Mar 31 2013
18:25:31:350 [1] [AppStarter]:I: Using AppRoot : C:\Users\Pavlo\AppData\Roaming\Tonido\data
18:25:31:350 [1] [AppStarter]:I: Host Name : PAVLO-PC
18:25:31:351 [1] [AppStarter]:I: Using PeerDomain : tonidoid.com
18:25:31:351 [1] [AppStarter]:I: Using PluginListURL : http://patch.codelathe.com/tonido/live/pluginlist/x86-win32/pluginlist.xml
18:25:31:351 [1] [AppStarter]:I: [AppRoot ] = C:\Users\Pavlo\AppData\Roaming\Tonido\data
18:25:31:351 [1] [AppStarter]:I: [DSBaseURL ] = https://s1.codelathe.com/api/ds/tonidods.php
18:25:31:351 [1] [AppStarter]:I: [DomainListURL ] = http://info.codelathe.com/domainlist/domainlist.xml
18:25:31:351 [1] [AppStarter]:I: [PluginListURL ] = http://patch.codelathe.com/tonido/live/pluginlist/x86-win32/pluginlist.xml
18:25:31:351 [1] [AppStarter]:I: [RSSURL ] = http://info.codelathe.com/news/rssfeed.xml
18:25:31:351 [1] [AppStarter]:I: [RelayServiceURL] = https://s1.codelathe.com/api/relay/getrelay.php
18:25:31:351 [1] [AppStarter]:I: [UsageStatsURL ] = http://info.codelathe.com/stats/tonidousagestats.php
18:25:31:351 [1] [AppStarter]:I: [DefaultLanguage] = english
18:25:31:351 [1] [AppStarter]:I: [DomainServerPort] = 24465
18:25:31:351 [1] [AppStarter]:I: [EnableDNS ] = 0
18:25:31:351 [1] [AppStarter]:I: [EnableDomain ] = 0
18:25:31:351 [1] [AppStarter]:I: [EnableErrorLog ] = 1
18:25:31:351 [1] [AppStarter]:I: [HTTPProxyHost ] =
18:25:31:351 [1] [AppStarter]:I: [HTTPProxyPort ] = 80
18:25:31:351 [1] [AppStarter]:I: [HttpPort ] = 10001
18:25:31:351 [1] [AppStarter]:I: [KeepLog ] = 1 days
18:25:31:351 [1] [AppStarter]:I: [LAN_XFer_Size ] = 1024000
18:25:31:351 [1] [AppStarter]:I: [LogAsync ] = 1
18:25:31:351 [1] [AppStarter]:I: [LogLevel ] = information
18:25:31:351 [1] [AppStarter]:I: [MaxNetworkConnections] = 200
18:25:31:351 [1] [AppStarter]:I: [NetworkAccess ] = 1
18:25:31:351 [1] [AppStarter]:I: [NetworkInterface] = 0
18:25:31:351 [1] [AppStarter]:I: [PurgeCount ] = 5
18:25:31:351 [1] [AppStarter]:I: [RemoteAdmin ] = 0
18:25:31:351 [1] [AppStarter]:I: [UDPPort ] = 62149
18:25:31:351 [1] [AppStarter]:I: [WAN_LAN_Redirect] = 1
18:25:31:351 [1] [AppStarter]:I: [WAN_XFer_Size ] = 51200
18:25:31:351 [1] [AppStarter]:I: [WebAccess ] = all
18:25:31:351 [1] [AppStarter]:I: [Domain ] = tonidoid.com
18:25:31:351 [1] [AppStarter]:I: [ErrorLogRoot ] = C:\Users\Pavlo\AppData\Roaming\Tonido\data\logs\errorlogs
20:49:26:547 [25] [TCPServerConnection (default[#14])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
20:49:36:899 [32] [TCPServerConnection (default[#21])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
20:50:13:457 [33] [TCPServerConnection (default[#22])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
20:52:10:967 [6] [Dispatcher]:E: Token not found in List: 1b3d547e-bb7f-494e-b245-0b9b3808549c
20:53:05:354 [29] [TCPServerConnection (default[#18])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
20:53:44:284 [29] [TCPServerConnection (default[#18])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
20:53:45:184 [9] [CoreITunesImporter]:E: Failed to locate iTunes Music Library File, skipping Import
20:54:07:738 [32] [TCPServerConnection (default[#21])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
20:54:45:558 [29] [TCPServerConnection (default[#18])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
20:56:06:108 [32] [TCPServerConnection (default[#21])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
20:56:20:096 [32] [TCPServerConnection (default[#21])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
20:58:19:020 [6] [Dispatcher]:E: Token not found in List: 81828747-f68b-40a5-8863-6b6ce8032cc1
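A way an administrator could review the troubleshooting log above without reading it line by line, as an added Python example (not part of the thesis and not Tonido's own tooling). The sample lines are copied from the appendix, with two records left wrapped across lines to exercise continuation handling; the mapping of the level letters T/I/E to level names is an assumption.

```python
import re
from collections import Counter, namedtuple

Record = namedtuple("Record", "time thread component level message")

# Assumption: the single-letter codes map onto level names the thesis lists
# (trace, information, error); any other letter is kept as-is.
LEVELS = {"T": "trace", "I": "information", "E": "error"}

# Record layout: HH:MM:SS:mmm [thread] [component]:L: message
# The component may itself contain brackets, e.g. "TCPServerConnection (default[#14])".
RECORD_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}:\d{3}) \[(\d+)\] \[(.+?)\]:([A-Z]): ?(.*)$")
SETTING_RE = re.compile(r"^\[(\w+)\s*\]\s*=\s*(.*)$")
TOKEN_RE = re.compile(r"^Token not found in List: ([0-9a-f-]{36})$")

# Constructed sample: lines taken from the appendix log, two of them wrapped.
SAMPLE_LOG = """\
18:25:31:349 [1] [AppStarter]:T: ***********STARTING*****TONIDO**********
18:25:31:351 [1] [AppStarter]:I: [PluginListURL ] = http://patch.codelathe.com/tonido/live/pluginlist/x86-
win32/pluginlist.xml
18:25:31:351 [1] [AppStarter]:I: [RelayServiceURL] = https://s1.codelathe.com/api/relay/getrelay.php
18:25:31:351 [1] [AppStarter]:I: [HTTPProxyHost ] =
18:25:31:351 [1] [AppStarter]:I: [HttpPort ] = 10001
20:49:26:547 [25] [TCPServerConnection (default[#14])]:E: Tonido::Core::getZipFile Exception reading
img/close_view.gif
20:52:10:967 [6] [Dispatcher]:E: Token not found in List: 1b3d547e-bb7f-494e-b245-0b9b3808549c
20:58:19:020 [6] [Dispatcher]:E: Token not found in List: 81828747-f68b-40a5-8863-6b6ce8032cc1
"""


def parse_records(text):
    """Split the log into records, re-joining lines that were wrapped."""
    records = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        match = RECORD_RE.match(line)
        if match:
            time, thread, component, level, message = match.groups()
            records.append(
                Record(time, int(thread), component, LEVELS.get(level, level), message))
        elif records:
            # No timestamp: continuation of the previous record. A break after
            # '-' or '/' is treated as falling inside a URL or path (heuristic).
            prev = records[-1]
            glue = "" if prev.message.endswith(("-", "/")) else " "
            records[-1] = prev._replace(message=prev.message + glue + line.strip())
    return records


def settings(records):
    """Collect the '[Key ] = value' start-up settings into a dict."""
    found = {}
    for record in records:
        match = SETTING_RE.match(record.message)
        if match:
            found[match.group(1)] = match.group(2).strip()
    return found


def plaintext_endpoints(config):
    """Names of configured service URLs that do not use TLS."""
    return sorted(k for k, v in config.items() if v.lower().startswith("http://"))


def errors_by_component(records):
    """Count error records per component, ignoring the per-connection suffix."""
    return Counter(r.component.split(" (")[0] for r in records if r.level == "error")


def unknown_tokens(records):
    """Tokens the Dispatcher could not find, for correlation with the activity log."""
    hits = (TOKEN_RE.match(r.message) for r in records if r.component == "Dispatcher")
    return [m.group(1) for m in hits if m]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    print("plain-HTTP endpoints:", plaintext_endpoints(settings(recs)))
    print("errors by component:", dict(errors_by_component(recs)))
    print("unknown tokens:", unknown_tokens(recs))
```

Run against the full appendix log, the same functions list every service URL configured over plain HTTP and give the times and values of the Dispatcher token errors to compare with the activity and history logs from the testing section.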
REFERENCE LIST
[1] Fusenig, V., Sharma, A., 2012. Security architecture for cloud networking, in: 2012 International
Conference on Computing, Networking and Communications (ICNC). Presented at the 2012
International Conference on Computing, Networking and Communications (ICNC), pp. 45–49.
[2] Kandukuri, B.R., Paturi, V.R., Rakshit, A., 2009. Cloud Security Issues, in: IEEE International
Conference on Services Computing, 2009. SCC ’09. Presented at the IEEE International
Conference on Services Computing, 2009. SCC ’09, pp. 517 –520.
[3] Qaisar, E.J., 2012. Introduction to cloud computing for developers: Key concepts, the players and
their offerings, in: Information Technology Professional Conference (TCF Pro IT), 2012 IEEE
TCF. Presented at the Information Technology Professional Conference (TCF Pro IT), 2012 IEEE
TCF, pp. 1 –6.
[4] Ramgovind, S., Eloff, M.M., Smith, E., 2010. The management of security in Cloud computing,
in: Information Security for South Africa (ISSA), 2010. Presented at the Information Security for
South Africa (ISSA), 2010, pp. 1 –7.
[5] Shaikh, F.B., Haider, S., 2011. Security threats in cloud computing, in: Internet Technology and
Secured Transactions (ICITST), 2011 International Conference For. Presented at the Internet
Technology and Secured Transactions (ICITST), 2011 International Conference for, pp. 214 –
219.
[6] Srivastava,P., Singh, S., Pinto, A.A., Verma, S., Chaurasiya, V.K., Gupta, R., 2011. An
architecture based on proactive model for security in cloud computing, in: 2011 International
Conference on Recent Trends in Information Technology (ICRTIT). Presented at the 2011
International Conference on Recent Trends in Information Technology (ICRTIT), pp. 661 –666.
[7] Tianfield, H., 2011. Cloud computing architectures, in: 2011 IEEE International Conference on
Systems, Man, and Cybernetics (SMC). Presented at the 2011 IEEE International Conference on
Systems, Man, and Cybernetics (SMC), pp. 1394 –1399.
78
[8] A Platform Computing Whitepaper, ‘Enterprise Cloud, Computing: Transforming IT’, Platform
Computing, pp6, viewed 13, March 2010.
[9] Dooley B, 2010, ‘Architectural Requirements of the Hybrid Cloud’, Information Management
Online, viewed 10 February 2010, from <http://www.information-management.com/news/hybrid-
cloudarchitectural- requirements-10017152-1.html>.
[10] Global Netoptex Incorporated, 2009, Demystifying the cloud. Important opportunities, crucial
choices, http://www.gni.com, pp 4-14, viewed 13 December 2009.
[11] Lofstrand M, ‘The VeriScale Architecture: Elasticity and Efficiency for Private Clouds”, Sun
Microsystems, Sun BluePrint, Online, Part No 821-0248-11, Revision 1.1, 09/22/09
[12] Brodkin J, 2008, ‘Gartner: Seven cloud-computing security risks’, Infoworld, viewed 13 March
2009, from <http://www.infoworld.com/d/security-central/gartner-seven-cloudcomputing-security-risks-853?page=0,1>
[13] ISO. ISO 7498-2:1989. Information processing systems- Open Systems Interconnection. ISO
7498-2
[14] B. Rochwerger et al, “The RESERVOIR model and architecture for open federated cloud
computing”, IBM Journal of Research and Development, vol. 53, no. 4, 2009, pp. 1-11.
[15] R. Buyya et al, “Cloud computing and emerging IT platforms: Vision, hype, and reality for
delivering computing as the 5th utility”, Future Generation Computer Systems, vol. 25, no. 6,
June 2009, pp. 599-616.
[16] G. J. Popek and R. P. Goldberg, “Formal requirements for virtualizable third generation
architectures”, Communications of ACM, vol. 17, no. 7, 1974, pp. 412-421.
[17] P. Barham et al, “Xen and the art of virtualization”, in Proceedings of the 19th ACM Symposium
on Operating Systems Principles (SOSP’03), New York, USA, 19-22 October 2003, pp. 164-177.
[18] SUN Microsystems, “Introduction to cloud computing architecture”, White Paper, 1st
Edition, June 2009
[19] J. Varia, “Architecting for the cloud: Best practices”, May 2010.
[20] Sabahi, F., 2011. Cloud computing security threats and responses, in: 2011 IEEE 3rd
International Conference on Communication Software and Networks (ICCSN). Presented at the
2011 IEEE 3rd International Conference on Communication Software and Networks (ICCSN),
pp. 245–249.
[21] C. Almond, "A Practical Guide to Cloud Computing Security," 27 August 2009.
[22] http://cloudsecurity.trendmicro.com/ on 12 April 2013
[23] N. Mead, et al, “Security quality requirements engineering (SQUARE) methodology,” Carnegie
Mellon Software Engineering Institute.
[24] J. W. Rittinghouse and J. F. Ransome, Cloud Computing: Taylor and Francis Group, LLC, 2010.
[25] P. Sefton, "Privacy and data control in the era of cloud computing."
[26] Kresimir Popovic and Zeljko Hocenski, “Cloud computing security issues and challenges,” in
Proceedings of the 33rd International Convention, MIPRO 2010
[27] Gartner Seven Security Risks of Cloud Computing,
http://www.networkworld.com/news/2008/070208-cloud.html, January 2011
[28] T. Garfinkel and M. Rosenblum, “When virtual is harder than real: security challenges in virtual
machine based computing environments,” Proc. 10th Conference on Hot Topics in Operating
Systems (HOTOS’05), vol. 10, USENIX Association, Berkeley, CA, USA, June 2005, pp. 20-20.
[29] R. Chow et al., “Controlling data in the cloud: outsourcing computation without outsourcing
control,” Proc. 2009 ACM Workshop on Cloud Computing Security, ACM, New York, NY,
USA, Nov. 2009, pp. 85–90, doi:10.1145/1655008.1655020.
[30] S. Pearson, “Taking Account of Privacy when Designing Cloud Computing Services,” Proc. ICSE
Workshop on Software Engineering Challenges of Cloud Computing (CLOUD'09), IEEE
Computer Society, Washington, DC, USA, May 2009, pp. 44–52,
doi:10.1109/CLOUD.2009.5071532.
[31] E.E. Schadt, M. D. Linderman, J. Sorenson, L. Lee, and G.P. Nolan, “Computational solutions to
large-scale data management and analysis,” Nature Reviews Genetics, Vol. 11, Sep. 2010, pp.
647-657, doi:10.1038/nrg2857.
[32] N. Leavitt, “Is Cloud Computing Really Ready for Prime Time?” Computer, vol. 42, issue 1, Jan.
2009, pp. 15-20, doi:10.1109/MC.2009.20.
[33] S. Pearson and A. Benameur, “Privacy, Security and Trust Issues Arising from Cloud
Computing,” Proc. 2010 IEEE Second International Conference on Cloud Computing
Technology and Science (CloudCom), Nov./Dec. 2010, pp. 693-702,
doi:10.1109/CloudCom.2010.66.
[34] Hanna, E.M., Mohamed, N., Al-Jaroodi, J., 2012. The Cloud: Requirements for a Better Service,
in: 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing
(CCGrid). Presented at the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud
and Grid Computing (CCGrid), pp. 787–792.
SPECIAL REFERENCE LIST OF LITERATURE REVIEW
[1*] Rongxing et al, “Secure Provenance: The Essential Bread and Butter of Data Forensics in Cloud
Computing”, ASIACCS’10, Beijing, China.
[2*] R. La’Quata Sumter, “Cloud Computing: Security Risk Classification”, ACMSE 2010, and
Oxford, USA
[3*] Mladen A. Vouk, “Cloud Computing Issues, Research and Implementations”, Journal of
Computing and Information Technology - CIT 16, 2008, 4, 235–246
[4*] Wenchao et al, “Towards a Data-centric View of Cloud Security”, CloudDB 2010, Toronto,
Canada
[5*] Soren Bleikertz et al, “Security Audits of Multi-tier Virtual Infrastructures in Public
Infrastructure Clouds”, CCSW 2010, Chicago, USA.
[6*] Flavio Lombardi & Roberto Di Pietro, “Transparent Security for Cloud”, SAC’10 March 22-26,
2010, Sierre, Switzerland.
[7*] Wayne A. Jansen, “Cloud Hooks: Security and Privacy Issues in Cloud Computing”, 44th
Hawaii International Conference on System Sciences 2011.
[8*] Jinpeng et al, “Managing Security of Virtual Machine Images in a Cloud Environment”, CCSW,
2009, Chicago, USA
[9*] Miranda & Siani, “A Client-Based Privacy Manager for Cloud Computing”, COMSWARE’09,
2009, Dublin, Ireland
[10*] Dan Lin & Anna Squicciarini, “Data Protection Models for Service Provisioning in the Cloud”,
SACMAT’10, 2010, Pittsburgh, Pennsylvania, USA
BIBLIOGRAPHY
Behl, A., Behl, K., 2012. An analysis of cloud computing security issues, in: 2012 World Congress on
Information and Communication Technologies (WICT). Presented at the 2012 World Congress
on Information and Communication Technologies (WICT), pp. 109–114.
Buyya, R., Ranjan, R., Calheiros, R.N., 2009. Modeling and simulation of scalable Cloud computing
environments and the CloudSim toolkit: Challenges and opportunities, in: International
Conference on High Performance Computing Simulation, 2009. HPCS ’09. Presented at the
International Conference on High Performance Computing Simulation, 2009. HPCS ’09, pp. 1–11.
Fusenig, V., Sharma, A., 2012. Security architecture for cloud networking, in: 2012 International
Conference on Computing, Networking and Communications (ICNC). Presented at the 2012
International Conference on Computing, Networking and Communications (ICNC), pp. 45–49.
Grobauer, B., Walloschek, T., Stocker, E., 2011. Understanding Cloud Computing Vulnerabilities. IEEE
Security Privacy 9, 50–57.
Hanna, E.M., Mohamed, N., Al-Jaroodi, J., 2012. The Cloud: Requirements for a Better Service, in: 2012
12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid).
Presented at the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid
Computing (CCGrid), pp. 787–792.
Jain, P., Rane, D., Patidar, S., 2011. A survey and analysis of cloud model-based security for computing
secure cloud bursting and aggregation in renal environment, in: 2011 World Congress on
Information and Communication Technologies (WICT). Presented at the 2011 World Congress
on Information and Communication Technologies (WICT), pp. 456–461.
Kandukuri, B.R., Paturi, V.R., Rakshit, A., 2009. Cloud Security Issues, in: IEEE International
Conference on Services Computing, 2009. SCC ’09. Presented at the IEEE International
Conference on Services Computing, 2009. SCC ’09, pp. 517–520.
Kaufman, L.M., 2009. Data Security in the World of Cloud Computing. IEEE Security Privacy 7, 61–64.
Khorshed, M.T., Ali, A.B.M.S., Wasimi, S.A., 2011. Trust Issues that Create Threats for Cyber Attacks in
Cloud Computing, in: 2011 IEEE 17th International Conference on Parallel and Distributed
Systems (ICPADS). Presented at the 2011 IEEE 17th International Conference on Parallel and
Distributed Systems (ICPADS), pp. 900–905.
Liu, W., 2012. Research on cloud computing security problem and strategy, in: 2012 2nd International
Conference on Consumer Electronics, Communications and Networks (CECNet). Presented at the
2012 2nd International Conference on Consumer Electronics, Communications and Networks
(CECNet), pp. 1216–1219.
Ning, F., Zhou, W., Zhang, F., Yin, Q., Ni, X., 2011. The architecture of cloud manufacturing and its key
technologies research, in: 2011 IEEE International Conference on Cloud Computing and
Intelligence Systems (CCIS). Presented at the 2011 IEEE International Conference on Cloud
Computing and Intelligence Systems (CCIS), pp. 259–263.
Prasadreddy, P.V.G.D., Rao, T.S., Venkat, S.P., 2011. A Threat Free Architecture for Privacy Assurance
in Cloud Computing, in: 2011 IEEE World Congress on Services (SERVICES). Presented at the
2011 IEEE World Congress on Services (SERVICES), pp. 564–568.
Qaisar, E.J., 2012. Introduction to cloud computing for developers: Key concepts, the players and their
offerings, in: Information Technology Professional Conference (TCF Pro IT), 2012 IEEE TCF.
Presented at the Information Technology Professional Conference (TCF Pro IT), 2012 IEEE TCF,
pp. 1–6.
Ramgovind, S., Eloff, M.M., Smith, E., 2010. The management of security in Cloud computing, in:
Information Security for South Africa (ISSA), 2010. Presented at the Information Security for
South Africa (ISSA), 2010, pp. 1–7.
Rochwerger, B., n.d. B. Rochwerger et al, “The RESERVOIR model and architecture for open federated
cloud computing”, IBM Journal of Research and Development, vol. 53, no. 4, 2009, pp. 1-11.
Sabahi, F., 2011. Cloud computing security threats and responses, in: 2011 IEEE 3rd International
Conference on Communication Software and Networks (ICCSN). Presented at the 2011 IEEE 3rd
International Conference on Communication Software and Networks (ICCSN), pp. 245–249.
Shaikh, F.B., Haider, S., 2011. Security threats in cloud computing, in: Internet Technology and Secured
Transactions (ICITST), 2011 International Conference For. Presented at the Internet Technology
and Secured Transactions (ICITST), 2011 International Conference for, pp. 214–219.
Shen, Z., Tong, Q., 2010. The security of cloud computing system enabled by trusted computing
technology, in: 2010 2nd International Conference on Signal Processing Systems (ICSPS).
Presented at the 2010 2nd International Conference on Signal Processing Systems (ICSPS),
pp. V2-11–V2-15.
Srivastava, P., Singh, S., Pinto, A.A., Verma, S., Chaurasiya, V.K., Gupta, R., 2011. An architecture
based on proactive model for security in cloud computing, in: 2011 International Conference on
Recent Trends in Information Technology (ICRTIT). Presented at the 2011 International
Conference on Recent Trends in Information Technology (ICRTIT), pp. 661–666.
Sun, S., Yan, C., Du, Y., 2012. Analysis on the Influence of the Cloud Computing on the Safety
Assessment Technique, in: 2012 International Conference on Computer Science and Electronics
Engineering (ICCSEE). Presented at the 2012 International Conference on Computer Science and
Electronics Engineering (ICCSEE), pp. 285–288.
Tianfield, H., 2011. Cloud computing architectures, in: 2011 IEEE International Conference on Systems,
Man, and Cybernetics (SMC). Presented at the 2011 IEEE International Conference on Systems,
Man, and Cybernetics (SMC), pp. 1394–1399.
Tsai, C.-L., Lin, U.-C., Chang, A.Y., Chen, C.-J., 2010. Information security issue of enterprises adopting
the application of cloud computing, in: 2010 Sixth International Conference on Networked
Computing and Advanced Information Management (NCM). Presented at the 2010 Sixth
International Conference on Networked Computing and Advanced Information Management
(NCM), pp. 645–649.

Cloud Computing Security (Final Year Project) by Pavlos Stefanis

  • 8. 8 INTRODUCTION AND LITERATURE REVIEW 1.1 INTRODUCTION ABSTRACT Cloud Computing is a technology developed recently and being used for personal but also business purposes. Cloud security was vulnerable to threats and many cases had as result data loss, hacking, denial of services and etc but new security models and security tools are being improved. The purpose of this research is to define “cloud computing”, its functionality and implementation, define the function of a cloud security and refer to its existence, a literature review for previews attempts and improvements, a research on open-source security tools, the implementation of a cloud server and demonstration of security protection on cloud servers. Sequence diagrams, use cases will be included for the explanation of the functionality and their interaction with the system, and for business environments a chapter will be included for the management of the physical teams. 1.1.1 DEFINITION OF THE CLOUD As the world of technology and informatics is rising and new ambitions are gained, the more recent topics students choose the more knowledge they consolidate for their future development. Cloud Computing is a modern word and often used for something “new”. It is also said that is destined only to group of experts. The meaning of cloud and its functionality had always existed since the application of the internet took place. Researchers and network engineers gave this technology the name “cloud” similar to the functions that physical clouds have. Cloud technology and networking since its implementation has been used for personal, academic but also business purposes, even famous consortiums take advantage from it or even sell its services. What is cloud? Why made its appearance? What is its function to the real world? The introduction chapter will include these answers and will clear up all the mist in order to explain it in plain terms. 
[3] To begin with, the cloud was adopted because firms faced problems managing excessively stored data: either the required capacity was limited by the infrastructure of the business, or capacity was so large that it led to wasted capital. Apart from major cost factors such as the initial capital, capital costs and the fixed service cost, the sophisticated effort of patching, managing and upgrading the internal infrastructure is a huge obstacle to a firm’s development and mobility. For the many firms whose client and cultural competency is not strong enough to manage large data center environments and infrastructure, it would be wise to upload their files or data backups to another machine via the internet, in order to concentrate more on the organization’s primary objectives. Cloud computing is the technology, or rather the ability, to upload and maintain data and to share or trade software, hardware resources and storage via the internet. The super user of the cloud server is the cloud operator, who has access everywhere. [3]

In a long-standing official definition: “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” [The National Institute of Standards and Technology, 16th definition of cloud computing].

From a business perspective, the idea of the cloud environment is evolving as many firms switch to this kind of infrastructure. It is a cost-effective solution and a tremendous step towards new lines of business. A good example is “Apple’s Siri”, which is a “cloud-based natural language intelligent assistant”. Many start-up organizations began on the cloud, for example applications (Pinterest) that hold all of their data on cloud servers like Amazon’s Cloud Platform (Amazon Web Services). [3]

Cloud computing security is defined as the processes, interactions and policies designed to provide security assurance and information protection for a cloud-based environment. It covers, by both logical and physical means, the whole sharing system of the cloud: software (SaaS), platform (PaaS) and infrastructure (IaaS). In a cloud security policy, the cloud provider sets the constraints on the end user, who is limited to the granted permissions (Acceptable User Policy). A cloud security policy is mandatory for every corporation and business, as the level of cloud security determines whether an organization will choose to trust this network topology or turn to another model. Poor hierarchy and security gaps at organizations that used cloud servers are published in articles and newspapers, which leads others not to participate and to fear changing the way their network is connected. There are non-profit organizations of corporate experts, such as the Cloud Security Alliance (CSA), which research and produce frameworks and guidelines for securing, implementing and enforcing solutions in cloud operating systems. [3]
1.1.2 PROCESS

This chapter describes the process of security policy and explains the delivery and security models (types of clouds).

Types of clouds

In order to provide a safe and secure solution plan for a cloud environment, a final decision has to be made on which type of cloud to choose. According to the latest information we have, only three types of cloud deployment model have been developed: private, public and hybrid. These are discussed further below. [4]

The cloud computing security model has three security and delivery models:

1. Private cloud: A cloud platform dedicated to home users or special organizations.
2. Public cloud: Designated for public clients, who can register for a low price or even for free and take advantage of the infrastructure (storage of data, software, etc.).
3. Hybrid cloud: A private cloud that can expand to manage resources of public clouds.

Cloud computing service models or “offerings” can be divided into three, and they support the above [1,2] models:

1. IaaS - Infrastructure as a Service: Delivers computation and network resources; it also includes servers, virtual machines, storage, load balancers and the rest of the core infrastructure stack.
2. PaaS - Platform as a Service: Provides platform, business and service tools and adds development and programming applications to IaaS; it includes databases, web servers, execution frameworks/runtimes and development tools.
3. SaaS – Software as a service: Provides applications from the infrastructure of the cloud and delivers them to an end-user machine (Salesforce CRM, Gmail/Google Apps, Microsoft Live, etc.). [4]
Public Cloud

The public cloud is a model that gives users access via web browser interfaces. To gain access, users pay through a metered payment system, similar to water supply metering, with prepaid accounts. This not only brings profit to the cloud providers but also gives them room for optimization. Cloud clients in turn keep their IT charges at a reasonable level by lowering the capital loss on IT system infrastructure. From a security perspective, public clouds are less secure than the other models because they focus more on keeping all the applications online than on protecting the uploaded data from possible attacks. Privacy and trust therefore fade with public clouds, and their clients tend to turn to private cloud servers for better security results. Possible solutions would be 1) for cloud provider and client to agree on sharing responsibility for the data by supporting daily checks and validations through their own systems, and 2) for each of them to have responsible roles for dealing with security within their permission boundaries. [4] [8]

Private Cloud

A private cloud is implemented in a corporation’s internal data center infrastructure. It makes it easier to set up security and to adjust requirements and elasticity, and it provides more supervision over its applications and use. A private cloud offers virtual applications and infrastructure resources with the permission of the cloud vendor, who is responsible for making them available for sharing and use. It differs from the public cloud because all the private cloud applications and resources are controlled by the corporation itself, like an intranet. A private cloud is more secure than a public one because it removes external exposure and restricts internal access to privileged users. [9]

Hybrid Cloud

A hybrid cloud is a private cloud that is connected to one or more external services. It is managed centrally, provisioned as a single service, and held within a secure network environment. It provides its clients with virtual IT resources like public and private clouds do. Hybrid cloud vendors offer more secure data management and let several parties access the internet under close supervision and protection. It is an open architecture that allows interfaces with other ‘friendly’ systems. In other words, hybrid clouds are private cloud vendors that are keen to expand and be more flexible, a mix of both public and private. [10] [11]
To summarize, in deciding which of the three types of cloud to deploy, business administrators need to take into consideration the security aspects of the corporation’s architectural structure; further information on the security differences between those cloud models is essential. [4]

Figure 1 - "Illustrating the Cloud Computing Service Models” [18]

Cloud Computing Delivery Models

The next consideration for business managers and administrators relates to the three cloud delivery models. “Due to the pay-per-use economy model that pertains to Cloud delivery models, the degree of information security is directed towards adhering to industry standards and legislations among cloud shareholders” [Ramgovind et al. 2010]. [4]

Infrastructure as a Service (IaaS)

This is a “layer” of the cloud computing system that allows dedicated resources of the cloud server/vendor to be used and shared by its clients for a price. This means that the initial capital cost of computer hardware, servers, processors and networking devices is automatically reduced. It also lets clients meet their financial and functional requirements in ways that other data centers cannot offer, because a cloud system is much more flexible and cost-effective when adding or removing hardware resources. However, managers and administrators have to pay attention to abrupt increases in operational expense. [12]
Software as a Service (SaaS)

This is a virtualized layer of the cloud computing system that lets clients who pay for their membership use software applications from their vendor. Access is through a login system via a web browser. The software’s limits and core functionality are managed according to the billing arrangements of each client. SaaS providers can host their software in their own data centers, or they can use the previous model and share it through an external IaaS vendor. The availability of IaaS services is the main factor in the SaaS model. Web browser and internet security is mandatory, as the SaaS applications are accessed through them. “Web Services (WS) security, Extendable Markup Language (XML) encryption, Secure Socket Layer (SSL) and available options which are used in enforcing data protection transmitted over the Internet” [Ramgovind et al. 2010]. [13]

Platform as a Service (PaaS)

This layer is similar in functionality to IaaS but provides an additional pay-per-use function. The use of virtual machines in this model is a drawback because they have to be protected against hacking activities, attacks and malware. Maintaining the applications and enforcing security through data forensics and authentication checks during transactions is therefore necessary and costly. [10]

Figure 2 "Representing the Cloud Delivery Models” – [4]
1.1.3 IMPLEMENTATION – CLOUD ARCHITECTURE

In a cloud-based environment in which SaaS, PaaS and IaaS are provided, large pools of virtual machine resources can give better efficiency and flexibility. Every physical host’s resources are virtualized as Virtual Machines (VMs) that run multiple tasks and processes. “Cloud platform provides pools of virtualized resources (computing, memory, saving storage, bandwidth) spanning multiple hosts and storage frames” [H. Tianfield, 2011]. The tenants share the physical infrastructure of the cloud (multi-tenancy). [7]

Techniques such as storage frames and workload balancing can be used to achieve high resource utilization. Workload balancing is accomplished through virtual machine live migration, a mechanism that moves virtual applications between physical hosts completely and transparently (unobserved by the users). Storage, computing and network resources are the basic virtualized resources offered by a cloud vendor. [7]
Figure 3 "Cloud Platform Architecture (CPA)”
Virtualization Technologies

Virtualization technologies have advanced tremendously in recent years, as network engineers increase virtual resource utilization in order to reduce IT service costs. What all the virtual machines have in common is the infrastructure beneath them, which sits between the physical and the process infrastructure. The whole nature of the cloud system is converting dynamic physical technologies to virtual ones and sharing them, so virtualization technologies are essential. [14]

Virtualization technology decouples the application payload from the physical infrastructure. This means that the physical resources can be separated into logical or virtual ones, according to the cloud provider’s needs. This is called provisioning. Every physical machine on top of the virtualization should be able to monitor dynamically the underlying logical resources of the cloud. In a true cloud operating server, every external machine using it can adjust the virtualized resources according to its needs, always in real time. [15] [16]

Virtualization also happens on the server, known as system virtualization. It is the ability to execute many operating systems simultaneously on the same server. The virtualized server is monitored by the ‘hypervisor’ or VM monitor, which is a program running and simulating one or more operating systems. “Other forms of virtualization include storage and network virtualization, namely logical representations of the physical storage and network resources” [B. Rochwerger]. [17]

Virtualization further supports the flexibility of the cloud system, as the hardware can be adjusted as many times as the server administrator wants without loss of money or time. Virtual appliances, that is, VMs with software included for a partial or specific task (Web, Database), make it possible to create programs rapidly. This combination is one of the key features of cloud computing. [18]

Scaling and Elasticity

Approaches to scaling infrastructure can be based on physical investment or on run-time horizontal scaling. The scale-up approach relies heavily on investment in more powerful and recent machines (vertical scaling). The component-based scale-out approach builds a scalable architecture that invests horizontally in infrastructure growth. Most businesses and web software exchange their components, connect their datasets and create a service pattern. To get good results (increments) from this approach, businesses should first predict the demand at regular intervals and then deploy to the infrastructure accordingly. [18]
Within the cloud, separating the components, creating asynchronous systems and scaling them horizontally is essential. It makes it possible to scale out by increasing the number of instances of the same component, and also to build hybrid models where some components execute on on-premise resources and others use the marketplace and services for extra power and bandwidth. In this way the system workload can “overflow” by means of load balancing methods. [18] [19]

In horizontal scaling, applications should concentrate on the availability of the whole application layer rather than on recovering from failures in individual components. In a cloud platform (built on a virtual pool of servers), when a physical server ‘drops down’ the virtual machine does not fail but restarts on the next available physical server. Applying horizontal scaling to ‘bad combined’ application components leads to a strategy that does not depend on the reliability of any single component. [19]

Scaling tactics do not have to be limited to one cloud environment. “Surge computing” can be used to accommodate a temporary workload increase, depending on the location and the size of the data. In surge computing, applications executed in a private cloud can request resources from an external cloud server, i.e. public clouds give resources to the excess overflow workload. “Horizontal scaling basically calls for Service-Oriented Architectures (SOAs)” [H.Tianfield - 2011]. The outcome of horizontal scaling is that the more loose components the system has, the better it scales. [19]

“Elasticity is the power to scale computing resources up and down easily and with minimal friction. Elasticity should be one of the architectural design requirements or a system property” [J. Varia, 2010]. [19]

Automated elasticity drives the infrastructure of the cloud to expand and to increase utilization cost-effectively. Elasticity enables applications on the cloud to grow without additional expensive upgrades. [18]

This aspect of elasticity in the cloud can be provided by auto-scaling on demand. Auto-scaling is defined as scaling applications up and down until capacity matches the unexpected demand, without human intervention. Monitoring tools can provide safe scaling based on metric results. Visibility into resource utilization and process performance can be gained with data analysis tools. Auto-scaling automatically scales cloud capacity based on the results of data analysis, e.g. security events, history, etc. [19]
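The auto-scaling loop described above can be sketched as follows. This is an added example, not code from the thesis or from any cloud vendor; the class AutoScaler, its thresholds, the per-instance capacity and the demand series are assumptions constructed for illustration. It also counts the intervals in which demand exceeds what the instance cap can serve, the point at which monitoring should raise an event because scaling alone no longer helps.

```python
"""Threshold-based auto-scaling with a cooldown and hard bounds (illustrative)."""
import math
from dataclasses import dataclass

# Constructed demand series in requests per second, one value per interval.
SAMPLE_DEMAND = [100, 180, 300, 300, 600, 1200, 1200, 1200,
                 100, 100, 100, 100, 100, 100]


@dataclass
class AutoScaler:
    capacity: int = 100            # assumed requests/s one instance can serve
    min_instances: int = 2         # floor kept for availability
    max_instances: int = 8         # ceiling that bounds cost under a flood
    scale_out_above: float = 0.80  # utilisation that triggers scale-out
    scale_in_below: float = 0.30   # utilisation that triggers scale-in
    target: float = 0.50           # utilisation aimed for after scale-out
    cooldown: int = 2              # intervals to wait after any change
    instances: int = 2
    saturated_steps: int = 0       # intervals where even the cap is not enough
    _hold: int = 0

    def step(self, demand: int) -> int:
        """Consume one metric sample and return the instance count in effect."""
        if demand > self.max_instances * self.capacity:
            # Demand exceeds the ceiling: record it as a security/ops event.
            self.saturated_steps += 1
        if self._hold > 0:
            # Still in cooldown: ignore the sample to avoid flapping.
            self._hold -= 1
            return self.instances
        utilisation = demand / (self.instances * self.capacity)
        wanted = self.instances
        if utilisation > self.scale_out_above:
            # Jump straight to the size that brings utilisation to target.
            wanted = math.ceil(demand / (self.capacity * self.target))
        elif utilisation < self.scale_in_below:
            # Release capacity one instance at a time.
            wanted = self.instances - 1
        wanted = max(self.min_instances, min(self.max_instances, wanted))
        if wanted != self.instances:
            self.instances = wanted
            self._hold = self.cooldown
        return self.instances


def simulate(demands, scaler=None):
    """Run the scaler over a demand series; return (history, saturated count)."""
    scaler = scaler or AutoScaler()
    history = [scaler.step(d) for d in demands]
    return history, scaler.saturated_steps


if __name__ == "__main__":
    history, saturated = simulate(SAMPLE_DEMAND)
    for demand, count in zip(SAMPLE_DEMAND, history):
        print(f"demand={demand:5d} rps -> {count} instances")
    print("intervals above the instance cap:", saturated)
```

Scale-out is aggressive and scale-in is gradual on purpose: under-provisioning costs availability, while the cooldown and the ceiling keep a traffic flood from turning into unbounded spend.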
Figure 4 "Elasticity – Showing how resources transfer from overbooked storage to free ones"

1.2 DOMAIN BACKGROUND

Cloud computing has been presented so far as a cost-effective, productive and multitasking solution. The advantages have been described so that the reader understands the elasticity of the tasks a cloud system fulfills. The rapid growth of such technologies and systems is paralleled by the growth of security threats. Open (via internet) systems like the cloud have endless vulnerabilities because they are new and public. As a result, competition has increased between cloud vendors, and clients aim to find which of them is the most secure and safe. Hosts tend to use cloud services for securing and utilizing their data, which increases competition on the market and sharpens the security perspective of cloud managers. This chapter covers some of the major existing security threats, with a deeper analysis of the importance cloud vendors should give to each of them. It presents solutions for facing security threats on cloud systems created by researchers and testers, together with security models, and a history and literature review shows the latest solutions created and evaluated. [5]
1.2.1 HISTORY AND LITERATURE REVIEW

1. Rongxing et al. is the first of the papers reviewed. The team proposed a new security and provenance data forensics tool for cloud systems. With the aid of the tool, secret documents in the tree of the user’s file system keep their privacy and security. Another use is the authentication mechanism they applied to check for unrecognized user access, which comes from the process of examining and resolving disputes over data. The provenance aspect is based on the ‘bilinear pairing method’, on which the data forensics blocks are built within the environment. Using security techniques in multiple tests they managed to prove the functionality of their model. Their work succeeded in that they introduced a functioning system, but they could not implement it because of the complexity of the mathematical models. [1*]

2. La ‘Quata Sumter et al. state that the growth of cloud computing implementation results in internet security being doubted and in threats constantly increasing. Clients of cloud vendors and services are seriously discouraged by the weakness of cloud security in protecting data and making it available when needed. Users doubt the access mechanism on cloud servers as well as its security. To reassure and encourage cloud clients about information security, they proposed a model that keeps track of every move and process taking place on the stored information. To complete this, they required a security capture device that supports their model and makes it work completely. The advantage is that they addressed customer concerns about security, but because of the limitations of their model it is practical only for small cloud environments and not recommended for larger ones. [2*]

3. Mladen says that cloud computing emerged as a system after many years of practice in networking and computer technology. This paper focuses on concerns about ‘cloud computing with virtualization, cyber infrastructure, service oriented architecture and end users’. Key concerns have been taken into consideration, and the implementation and research make the work important. Users’ dissatisfaction pushed them to write theoretical papers based on security concepts and authentication issues. [3*]

4. Wenchao et al. in this research proposed another perspective on solutions, through data-centric security. They investigated the security requirements of securing data and sharing it through online applications. Discussion of forensics, system analysis and data management is included. They proposed a new security platform known by the short name DS2, which stands for Declarative Secure Distributed Systems. This platform supports the functions of the proposed data securing methods. Network protocols and security policies are managed by the ‘Secure Network Datalog (SeNDlog)’, a rule-based language that processes networking and access control logic-based tasks. With the aid of the RapidNet declarative networking engine they developed the DS2 prototype, and they added provenance support in the belief that it will make the security level more stable. “The strength in their work lies on the data centric security that results to secure query processing, system analysis and forensics, efficient end to end verification of data”. Their work should be evaluated by professional cloud vendors. [4*]

5. Given the services and benefits of cloud computing, which are safety, security and privacy, Soren et al. explained most of the influence the cloud has. Well-managed, even if complex, web interfaces of a cloud give better results than wrongly configured ones, because the latter can make the whole system vulnerable to threats. The platform of their implementation was “Amazon’s Elastic Compute Cloud (EC2)”. They implemented a security analysis tool and simulated it against real factors. A complex high-level query language was proposed and used to describe the requirements of the configuration. Python and EC2 were the main software used for their implementation. The tool identifies breaches in the secure sections of the infrastructure and then informs the administrators to check the problem; in other words, it works like an antivirus program. The advantage of their work is that they investigated every possible security attack with the proposed tool, but it has the huge disadvantage that the software is tied to the EC2 infrastructure and does not work on general systems. [5*]

6. Flavi and Roberto proposed a novel architecture, the Transparent Cloud Protection System (TCPS), for better security management. 
They claim to have achieved integrity in privacy issues in clouds. To identify them, they built a more feasible and more secure architecture, which they named TCPS. This system can be used to keep track of every host transfer while keeping the transparency and virtualization of the server. The result of their work is an intrusion detection mechanism built into the architecture, but they did not manage to deploy realistic scenarios and test their work, so they could not validate it. [6*]

7. Wayne stated how essential it is to configure security on critical systems. Facing security issues from the end-user perspective is mandatory. Security policies with strong rules should keep data checked for dangerous actions and prevent unauthorized access to both clouds and data servers. The paper focuses on public clouds. Key factors are “end user trust, insider access, visibility, risk management, client-side protection, server-side protection, and access control and identity management” [Sabahi, 2011]. The weakness of the work is that it did not produce a tool or a solution on real infrastructure. [7*]

8. Jingpeng et al. proposed a paper on the cloud’s image repository. Their design addresses the risks and can be implemented easily and successfully. Filters in the system infrastructure capture malware, and all passwords that are easy to crack are removed and replaced by stronger ones. Clients can choose the required images. Repository maintenance decreases the possibility of running illegal software. The tests in this paper show that the filters work efficiently in the image management system. They proposed a system “different” from other cloud architectures and showed, with the aid of filters and scanners, that they could detect malicious traffic. The weakness is that what the filters capture is not 100% accurate and could lead to legitimacy issues, and the scanner cannot capture every type of virus and has to be updated constantly. [8*]

9. Miranda and Siani deal with the data seepage problems that users complain about. This issue is a serious obstacle to the acceptance of cloud implementation and its growth on the market. Several scenarios were taken into consideration. They propose a client-based privacy manager tool for processing sensitive information put into the cloud. The tool reduces security issues while increasing privacy. The tool has been tested successfully and used in many environments. The privacy manager tool ensures security for services within the client machine. It has a feature that reduces the critical data transferred for further actions. Once data is targeted, the output is de-obfuscated. The key this tool uses is so secret that even the cloud providers have no right to know it. The privacy manager enables end users to contribute to changes to their personal data and also to rectify them. The strength of the proposed tool is that it provides access control, user customization and a feedback facility, but it cannot be implemented in all scenarios. [9*]

10. Dan and Anna proposed a data protection framework for sensitive information. Their framework contains three basic parts: policy ranking, integration and enforcement. Various models are described for each part. They presented security data models as well as cost functions. Their work is tested and simulated but not validated in real environments. [10*]
1.2.2 EXISTING SECURITY THREATS

Within a cloud environment we define as security policy issues such as “privacy, security, anonymity, telecommunications capacity, government surveillance, reliability and liability” [Sabahi, 2011]. Each type of client a cloud server deals with is different. Academic clients require performance more than security protection, in comparison with business clients, who want their data protected more than they want a high-performance system. Gartner’s seven security concerns are described below. [2]

• Privileged user access: Fragile data can be analyzed by outsiders, giving them the ability to bypass the ‘physical – logical’ layer of the cloud and gain access to data and software.
• Regulatory compliance: Clients are responsible for the good management and security of their data, even in a cloud environment. Most cases show that a percentage of data loss or privacy intrusion is caused by human factors, namely the clients.
• Data location: Clients do not know the exact location of the data they uploaded, and distributed data storage, because of its behavior, can lead to loss of control. It is good for customers to know where their data is stored before moving to the cloud.
• Data segregation: Encryption and decryption of data in the cloud is essential, but it cannot be the only solution, as it is vulnerable to attacks.
• Recovery: In the case of server failure or denial of service, how will the clients’ data be restored? Does the cloud vendor have a backup plan for reverse engineering and protection of data? Are cloud managers capable of restoring data, or do they have to be supported by an outside third-party company? Such actions are not in the clients’ favor.
• Investigative support: Cloud services are hard to investigate because many customers’ data is placed in the same location, which can also spread infected files to other sets of software.
• Long-term viability: Cloud providers have to assure their clients that, even in the case of a merger into a bigger cloud company, the integrity and availability of their data will remain. [2]

So, as clients tend to trust third-party hardware servers, live or virtual, and transfer data to them online, the cloud vendors have to provide IT security solutions and policies to protect clients’ data. This trend and new responsibility model will give another meaning to cloud management as more challenges arise and more solutions are found. The first question someone can ask the administrator of an IT business environment is whether he and the team are able either to prevent a security threat from intruding into the infrastructure or to deal with a security breach. The answer is two-sided, as the first responsible for any security breach are the customers themselves, and then the cloud security itself. [2]
A. Data Leakage

To begin with, moving to a cloud environment brings two obvious changes for a client’s data. First, data is uploaded from the customer’s machine to a different target area. Secondly, the transfer is from a single-tenant to a multi-tenant area. This creates possibilities for data leakage, which is a major cloud security threat. [21]

Data Leakage Prevention (DLP) was invented to prevent it and to protect sensitive data. DLP, however, cannot protect the data and is useless on public clouds because of the nature of their architecture, so DLP tools are not the most effective solution in this case. In public clouds, clients have the authority to control the whole infrastructure, so DLP agents cannot act automatically without unwanted results. [22]

B. Cloud security issues

The internet is the communication model on which cloud environments exist. It uses the TCP/IP protocol, which assigns unique IP addresses to users and identifies them over the internet. Virtual machines likewise use IP addresses. A malicious user, internal or external, can search for IP addresses. When they find the target’s physical server they implant a malicious virtual machine to attack. If a hacker gets access to a VM he can get the data of all users; this is possible by copying the data to a hard drive of his own and analyzing it in a safe place before the cloud providers are alerted. [23]

1) Attacks in cloud

Nowadays, several attacks in the IT world have been reported. Clouds give access to legitimate users who register, but they can also host clients with criminal purposes. A hacker can use cloud servers to store his malicious programs, and those programs can cause Distributed Denial of Service (DDoS) against the cloud system. If the victim shares the same cloud with the hacker, it is easier for the hacker to set up the attack. As mentioned above, this can hold for virtual machines too. [24]

a) DDoS attacks against Cloud

DDoS attacks usually take the form of a high volume of IP packet traffic directed at specific entry points. Blacklist pattern programs quickly go out of service because they are overrun. In cloud systems, where a large number of clients use the service, denial of service has a bigger impact than on single infrastructures. DDoS attacks favor clouds that are low on resources. The solution is to increase the number of critical resources. Botnet attacks are the most serious problem a cloud could face. [24]
Most of the anti-attack software on the market can neither protect a system from a DDoS attack nor stop the traffic, because it cannot tell which traffic is good and which is bad. Intrusion Prevention Systems (IPS) [http://cloudsecurity.trendmicro.com] are effective when the attack is located and recognized. Unfortunately, firewalls are not very effective against DDoS attacks, since firewalls pass legitimate traffic and are vulnerable to spoofing software. [23]

b) Cloud against DDoS Attacks

DDoS attacks are powerful threats. They are launched from a botnet with the support of many zombie machines. A DDoS begins when a huge number of packets are sent to the web server from many sources. Cloud servers can tolerate those attacks more effectively, as they have plenty of resources online to defend with in order to protect a site from being shut down. [24]

1.2.3 EXISTING SECURITY SOLUTIONS

Several solutions that exist in the internet environment can also run effectively on cloud infrastructures, but cloud-specific attacks need more specialized solutions. Internet solutions can be used on cloud systems or even improved.

Figure 5 "Proposed Solution”
A. Access Control

Access control mechanisms are tools that enable authorized user access to the infrastructure and help prevent unauthorized access. These mechanisms should cover the user’s lifecycle from sign-up until de-registration, so that it is certain the user no longer has access afterwards. Special attention should be paid to users who enter privileged mode and can modify system policies. The following steps should be considered to ensure security:

1. Control access to information.
2. Manage user access rights.
3. Encourage good access practices.
4. Control access to network services.
5. Control access to operating systems.
6. Control access to applications and systems.

In the SaaS model the cloud provider is responsible for managing the whole infrastructure. The application is delivered as a service to clients via a web browser, so other network controls lose their power and are superseded by user access controls. Clients should focus on their user access controls. [25] [20]

In the PaaS model, the cloud provider focuses on managing access control to the servers, network and application infrastructure. IaaS clients are responsible for every management aspect that exists in this architecture. Access to virtual machines, storage, servers and network should be designed to be managed by the clients.

B. Countermeasure and fast response

A common point in IT and cloud network security is the investigation of possible problems and threats that can enter the system, but more important is implementing the specific response that every problem needs. The cloud is set up on a group of specialized storage devices, led by a custom high-distribution coordinator, and is available 24/7. For flexible, scalable and efficient use of resources, cloud vendors must produce solutions to almost any problem they face, in areas requiring great adaptability and workload analysis. [20]
  • 26. 1) Partitioning
For workloads that have to span multiple nodes, the data must be partitioned in order to maximize transactions and improve performance. The main goal is to minimize the chance that a transaction has to touch multiple nodes to produce its answer. [25]

2) Migration
A cloud's main objective is flexibility. In the "cloudpedia" this means concentrating more resources on the components that need them. The challenge for database programs is that large amounts of data have to be transferred properly to other locations. In migration, the method works by predicting the adaptation time (for example, the partitioning time) and breaking the data into smaller parts so that transactions are maintained while the data is being moved. [25]

3) Workload Analysis and Allocation
For better collaboration between virtual machines and their workloads, the resources required must be analyzed and classified in order to estimate the memory to allocate to each virtual machine. [25]

C. Trace of user's behavior
Since most problems arise from users' novice knowledge of clouds and from their mistakes, methods of tracing a user's identity and origin have already been implemented. Every cloud vendor knows each user's unique identity and can easily investigate his behavior. To maximize security, users' behavior has to be monitored by background programs for criminal actions. Every suspicious move will be traced, and the user will be warned or even banned according to the level of the act. In fact, monitors of this kind have been used in IT environments, such as TCP protocols, for many decades. A good start would be to implement them on cloud servers as well. [20] [25]
  • 27. 1.2.4 SECURITY MODELS – A PROACTIVE METHODOLOGY
Based on the security model of Prashant Srivastana, Satyam Singh et al., a proactive methodology is described to improve security within a cloud environment. [6] The steps of this proactive methodology are listed in order of implementation:
  • Create a detailed Cloud Policy.
  • Identify a compatible Cloud Service Provider based on the Cloud Policy above.
  • Draft a detailed Service Level Agreement with provisions for monitoring of the Cloud Service Provider's network and services.
  • Continuous monitoring by the Security Cloud for policy violations.
  • The feedback is used to refine the Cloud Policy according to emerging technology trends and solutions.
The creation of the Cloud Policy and the Security Cloud is described in the later sections. [6]

A. Security Cloud Policy
Every cloud environment has its own methods and protocols for management and security. Public clouds are the most vulnerable to threats, and sometimes they act as a third party in the form of the CSP (Cloud Service Provider). IT companies are assigned to build custom-made security models for cloud providers. [6]

The security cloud policy aims to set a specific goal for every cloud service. It maps the exact security requirements and adopts them. Separate, "special" cloud policies that are hidden and accessible only to authorized IT managers have more benefits, as they can specify all the security issues of the organization without contributions. [6]
  • 28. B. Creating the Security Cloud Policy
  • Privileged user access: The cloud provider must acknowledge that administrators and managers should have HR experience as well.
  • Regulatory Compliance: The provider has to allow third-party audits for regulatory issues. Data logs should also be included.
  • Data Location: Independence from data location is one of the reasons the cloud was created. The provider must align boundaries to data that exceed their limit for better control.
  • Data Segregation: Cloud specialists have to be able to investigate encrypted files so that they can classify them as safe or threatening. The cloud provider must use standard encryption.
  • Recovery: A Business Continuity Plan must be provided to cover the destruction of data, in order to recover from severe incidents. A guaranteed time must be included.
  • Investigative Support: Investigating illegal activity in a cloud environment is difficult. Even experts sometimes cannot pinpoint criminal behavior. Requests to outside investigative companies can be helpful.
  • Long Term Viability: In case of mergers, a clear mandate has to assure clients of what happens to their data.
  • Data Management: This section has to determine teams, privileges, management policies, etc. Details can be performed and revealed transparently.
  • Application security: The application layer should be tested for security concerns. The provider has to set the security requirements and features for the developers and the security team.
  • Security model of cloud provider interfaces: The APIs must be backed by a strong security model.
  • Provider HR Policy: It is essential to analyze the human resources policy of the cloud provider.
  • Secure data deletion: Attackers can always apply hacking effort to discarded data and extract useful information. Therefore, providers have to assure persistent data deletion.
  • Information from Provider: The provider must supply the other company teams with useful logs and datagrams in order to check risk criteria. [26] [27]
  • 29. C. Security Cloud
  • Monitoring public blacklists for one's own network blocks: 24-hour checks have to be performed between the Cloud Service Provider and public blacklists. Companies using cloud systems do not want their service to end up in spam activity or a DDoS situation.
  • Vulnerability Assessment: The current health of the network provided has to be checked and confirmed for network resources via automated software tools.
  • Penetration Testing: Tools that penetrate the network should be used, but under close supervision, so as not to lose connectivity and leave clients with a limited network. Open-source penetration testing frameworks include OSSTMM, etc.
  • Log Analysis: The Cloud Service Provider, under the cloud policy requirements, has to perform checks and tests and report any issue or gap to the management team.
  • Host Based Intrusion Prevention System: In the IaaS delivery model, only storage and basic networking are provided. It is expected that the client will provide the OS and apps. A HIPS (Host Based Intrusion Prevention System) can be used for security reasons. These results lead to an effective system. [6]

The Security Cloud model is effective for private cloud models but is always tied to the company's security policy. Apart from testing, scanning and penetration, it can also check password weakness offline with well-known deciphering programs. [6]
  • 30. Figure 6 "Architecture based on proactive methodology" – [6]

1.2.5 EVALUATION
The problem with private clouds is that they are often underutilized until they become part of a larger environment. They train a company's cloud developers and administrators, giving them key insight into cloud architecture, while avoiding exposing the company to the threats of implementing a public cloud. The Security Cloud model provides security solutions not only for the public cloud but also for the private infrastructure. Penetration testing and vulnerability scanning improve the overall performance. Public cloud providers guarantee results in addition to a good cloud policy. To achieve high security and defense, cloud providers strictly monitor the whole system 24/7. Finally, updates to a company's cloud policy prepare the company and reduce the chances of being attacked by the latest security threats.
  • 31. ANALYSIS

2.1 SYSTEM REQUIREMENTS
According to the ISO 7498-2 standard, developed by the International Standards Organization (ISO), information security should be managed in a way that covers all points and themes. Standards of this type should also be created for Cloud Computing Security to make it a stable system. The requirements are listed below:

I. Identification & authentication
Depending on the type and delivery model of a cloud, specific users must first gain stable access to the system according to their supplementary priorities, and afterwards permissions may be granted. The aim of this process is to secure user verification by applying username and password protection to every cloud profile. [4]

II. Authorization
Authorization is one of the key elements in the security requirements of a cloud environment, so that it can maintain referential integrity. This requirement sets up the rules of control and privileges over the processes happening in the cloud. In a private cloud, the system administrator is the system maintainer. [4]

III. Confidentiality
Cloud computing is bound to requirements such as trust and confidentiality because users' data is stored and transferred via multiple foreign databases. This is essential when integrating a public cloud into your own cloud, because of the characteristics of the public cloud. Confidentiality and protection of user profiles and data that are accessed virtually allow information security protocols to be enforced at different layers of cloud applications. [4]

IV. Integrity
To maintain the integrity of user data, users have to apply due diligence when accessing their data. Therefore the ACID properties (Atomicity, Consistency, Isolation and Durability) must be enforced across all cloud networks, services and delivery models. [4]
  • 32. V. Non-repudiation
This requirement can be met by applying e-commerce security protocols and token provisioning to data transmission inside cloud applications, such as digital signatures, timestamps and confirmation receipt services (digital receipting of messages confirming data sent/received). [4]

A. Security
High security issues are usually tied to problems with virtual environments, which run virtual components such as supervisors that control the virtual communication. Companies that have IT and management teams can implement their own security policies to achieve identity verification. Organizations must therefore choose the correct cloud service according to its unique mechanisms. It is mandatory to avoid malfunctions such as cloud providers' debility of accessing the users' data. This becomes a problem because, given the cloud's range of structure, the computation and communication costs of also implementing high security are extremely high. [28] [29]

B. Privacy
Organizations find it hard to trust cloud providers to manage and store their sensitive data. Indeed, data privacy is a major problem but also a requirement that is still under investigation. Users are not yet allowed to know the exact geographic location of their data. This leads to ethical and regulatory issues from country to country. Because of these concerns, providers have to give consumers the necessary guarantees. To summarize, protection must be applied to user data while providers cannot access them. [30] [31]

C. Availability
Availability is the most critical of the security requirements of a cloud infrastructure because it is the basic factor in deciding which type of cloud (private, public or hybrid) and which delivery model vendors should install. The SLA is the most important document governing availability in a cloud architecture between client and provider.

Most organizations place high demands on availability because of their demand for computing resources. The way many organizations operate is tied to resources and operations stored in the cloud, for example banking or financial organizations. Many failures of cloud systems have been reported nowadays, due to security attacks and natural disasters, and cloud providers must find solutions and ensure that they can manage such problems and maintain business continuity for their services. The ability to recover from such events is therefore a major point when people choose between cloud providers. [32] [33]
  • 33. D. Auditing
Audits are ordinary and spare mechanisms that run in several organizations. They monitor and record all the operations going on within the system and keep a log of each activity. Appropriate auditing mechanisms have not been published yet. The issue lies with auditing programs that are built into a cloud system: they affect its storage, performance and availability. Also, engaging other companies to monitor a cloud system's data with specially designed cloud auditing programs can cause serious trust issues for the accounts of major corporate customers. [33]

E. Flexibility
Business customers often change their requirements according to their needs, so cloud providers have to maintain a flexible cloud system in order to deal with such requirements. Cloud computing providers have to offer businesses flexible plans. Cloud computing companies with high flexibility can approach dynamic organizations where new services and demands are continuously requested. [34]

F. Archiving
Archiving is used to store data that is not in use at the moment but may be used in the future. Keeping such data means having large storage and resources not only for the data itself but also for its backup. This adds costs to the services. This requirement is a strong feature for cloud providers competing for the lead. [34]

G. Quality of Service
Service customers and application users need high QoS for their operations. Cloud environments therefore have to be enforced with parameters and policies that vary for each customer type. These agreements are usually placed in the SLA(s). "QoS-based resource allocation mechanisms support different SLA(s)". [Eileen Marie Hanna, Nader Mohamed, 2012] Because businesses are dynamic and change over time, cloud service providers should maintain not a fixed QoS policy but a hybrid one that lets customers build and change parameters according to their needs. [34]
  • 34.
Requirement    Governmental   Large-Scale    Financial   Healthcare     Online
               Applications   Computations   Services    Applications   Entertainment
Archiving      High           Low/Medium     High        High           Medium
Audit          High           Low            High        High           Low
Availability   Medium/High    Medium         High        High           High
Flexibility    Medium         Low            High        Medium         Low
Privacy        High           Low            High        High           Low
Security       High           Low            High        High           Medium
QoS            Medium         Medium         Medium      Medium         High
Scalability    Medium         High           Medium      Medium         High

TABLE 1 – REQUIREMENTS SUMMARY [34] (Hanna et al., 2012)

2.2 MANAGEMENT EXAMPLE USE CASES
Business client travelling: This use case involves a business client with a business partnership who travels abroad with a portable device (laptop, smartphone, etc.) and uses it to access one of the virtual machines provided by the service provider, which normally resides within the cloud system. Specific security demands are set by the service user (the businessman) according to the company he works for. An example of a security demand may be that the virtual resources must be located in Australia or Europe and must follow the "ISO 27001:500" certification. [ISO/IEC 27001:500 - Information security management systems - Requirements, 2011.] [1]

If the businessman travels to Australia, the service provider is instructed to move the virtual resources to that country and keep latency low. This transfer has to be done with caution and always within the terms of the agreed security demands (ISO 27001:500 certified). If the service user travels to a country other than those included in the service agreement, the service provider will not transfer the virtual resources. [1]
  • 35. Cheap Storage and Processing: The main character of this use case is a service user who is interested in cheap processing and storage resources, for example a small business that needs intensive calculations such as video rendering. The service user's constraint is that the service must be operated in a data center at the lowest price. In this use case latency is not an important factor. For that reason the Service Provider (SP) takes the cheapest virtual infrastructure provider that meets the constraints of the SU. If processing takes longer, the SP can move the task to another infrastructure provider that is cheaper than the first one. Price differences can be due to the current workload (for example different time zones) or to energy prices. [1]

2.3 CLOUD MANAGEMENT

2.3.1 MANAGEMENT ROLES
Service User: A service user is the client of a cloud computing system who pays for access to the cloud infrastructure. This person is authorized to use cloud resources by permission obtained from the service provider. This is managed through a request mechanism. [1]

Service Provider: Service providers are the ones that provide services to the service users. They are responsible for mapping the requests and the security constraints of the service user to the infrastructure provider. The service provider has some difficult and delicate tasks, as he/she has to deliver on the service user's security demands. Service providers also take the role of the virtual infrastructure provider. [1]

Virtual Infrastructure Provider: Virtual infrastructure providers are the ones that provide virtual IT infrastructure on which services can be installed. Service providers use the virtual infrastructure for their services. The VIP (Virtual Infrastructure Provider) owns the hardware on which the virtual machines run. [1]

Virtual Resource: Virtual resources are virtual processing, storage or network entities that are located on the physical resources of the virtual infrastructure provider. [1]
  • 36. 2.3.2 ARCHITECTURE AND FUNCTIONS
The architecture consists of three functional teams: the service team, the service provider, and the virtual infrastructure.

  • Service User Functions
REQUEST OF VIRTUAL RESOURCES
In the simple architectures used here for the sake of clarity, a service user/client can request virtual resources (software, memory, data, etc.) from the service provider. The request consists of a variety of goals such as the type of resource, the quantity, optimization parameters like price and latency demands, and finally security goals. Security goals can be translated on the service user side with the aid of translation tools. [1]

  • Service Provider Functions
REQUEST OF VIRTUAL RESOURCES
The service provider may sound like the one that only fulfils the various requests, but he/she also has a requesting function: requesting virtual resources from the virtual infrastructure provider(s). Before this procedure is completed, the service provider examines and reports all the security parameters of the service user to the virtual infrastructure provider. Only if the virtual infrastructure provider permits the offer to the service user can the service provider request these resources. The goals of this request function are the same as those of the service user's request. [1]

DELIVER VIRTUAL RESOURCES
After receiving permission to access the virtual resource from the virtual infrastructure provider, the service provider gives access to the service user.

  • Virtual Infrastructure Provider Functions
OFFER VIRTUAL RESOURCES AND SECURITY CONSTRAINTS
The virtual infrastructure provider offers virtual resources and security functions to the service provider.
  • 37. INVOKE VIRTUAL RESOURCES AND SECURITY CONSTRAINTS
"In case that the virtual infrastructure provider receive request for virtual resources from the service provider, he/she invokes the virtual resources and activates the requested security functionalities." (Fusenig and Sharma, 2012)

DELIVER VIRTUAL RESOURCES
After having invoked the virtual resources and security constraints, the virtual infrastructure provider gives the service provider access to the resources.

Figure 7 "Architecture and security functions"
  • 38. 2.3.3 UTILIZATION
The use of the security architecture and functions can be shown by implementing the second use case, in which the service user requests cheap processing and storage resources. [1]

To begin with, the virtual infrastructure providers VP1 and VP2 offer the service provider access to security functions and virtual resources. VP1 provides storage resources with Advanced Encryption Standard (AES) encryption and a key length of 256 bits as a security parameter. VP2 offers the same but provides the Data Encryption Standard (DES) encryption system, which supports only a 56-bit key length. [1]

The SU (service user) requests access to virtual resources from the service provider. The SU demands 100GB of storage that is AES-encrypted with a key length of 128 bits. VP1 invokes the virtual resource by allocating 100GB of storage, encrypting it with the AES encryption system with a 128-bit key length, and then delivers access to the service provider. The service provider forwards it to the service user. [1]
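The matching step in this use case, where the service provider checks each VP's offer against the SU's security demand before price is considered, can be written out as follows. This is an added example, not code from the thesis or from [1]; the class and function names, the free storage figures and the prices are assumptions, and only the ciphers, key lengths and the 100GB request come from the text above.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Key sizes each cipher defines: AES allows 128/192/256 bits, DES has a 56-bit key.
VALID_KEY_BITS = {"AES": {128, 192, 256}, "DES": {56}}


@dataclass(frozen=True)
class Offer:
    """What a virtual infrastructure provider (VP) advertises to the SP."""
    provider: str
    cipher: str
    max_key_bits: int
    free_storage_gb: int  # assumption: the page gives no capacity figures
    price_per_gb: float   # assumption: the page gives no prices


@dataclass(frozen=True)
class Request:
    """What the service user (SU) asks the service provider (SP) for."""
    storage_gb: int
    cipher: str
    key_bits: int


@dataclass(frozen=True)
class Allocation:
    provider: str
    storage_gb: int
    cipher: str
    key_bits: int
    cost: float


def rejection_reason(offer: Offer, req: Request) -> Optional[str]:
    """Return why an offer cannot satisfy the request, or None if it can."""
    if offer.cipher != req.cipher:
        return f"offers {offer.cipher}, request needs {req.cipher}"
    if offer.max_key_bits < req.key_bits:
        return f"key length capped at {offer.max_key_bits} bits"
    if offer.free_storage_gb < req.storage_gb:
        return f"only {offer.free_storage_gb} GB free"
    return None


def broker(offers: List[Offer], req: Request) -> Tuple[Optional[Allocation], Dict[str, str]]:
    """Security constraints filter first; price only ranks what is left."""
    if req.key_bits not in VALID_KEY_BITS.get(req.cipher, set()):
        raise ValueError(f"{req.cipher} has no {req.key_bits}-bit key size")
    rejected: Dict[str, str] = {}
    eligible: List[Offer] = []
    for offer in offers:
        reason = rejection_reason(offer, req)
        if reason is None:
            eligible.append(offer)
        else:
            rejected[offer.provider] = reason
    if not eligible:
        # Fail closed: never fall back to a weaker cipher to fill the request.
        return None, rejected
    best = min(eligible, key=lambda o: (o.price_per_gb, o.provider))
    cost = round(best.price_per_gb * req.storage_gb, 2)
    return Allocation(best.provider, req.storage_gb, req.cipher, req.key_bits, cost), rejected


# Ciphers and key lengths are the page's; storage and prices are constructed.
OFFERS = [
    Offer("VP1", "AES", 256, 500, 0.05),
    Offer("VP2", "DES", 56, 500, 0.02),  # cheaper, but DES only
]
SU_REQUEST = Request(storage_gb=100, cipher="AES", key_bits=128)

if __name__ == "__main__":
    allocation, rejected = broker(OFFERS, SU_REQUEST)
    print(allocation)
    print(rejected)
```

With these constructed prices VP2 is the cheaper provider, yet it is never selected, because the SU's cipher demand removes it before price is compared.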
  • 39. DESIGN AND IMPLEMENTATION
For the implementation part of the project it is assumed that there is an SP (Service Provider) that renders the cloud; for the purposes of the implementation this will be the desktop computer environment. A cloud needs clients in order to work as intended, and in the implementation use cases the clients will connect through a netbook.

Figure 8 "Netbook"
"Acer net book" used for client purposes, login on cloud renderer and use of its capabilities.
DDR2 533 MHz SDRAM memory interface design - Intel® Atom™ processor N270 (1.60 GHz, 533 MHz FSB, 512 KB L2 cache) - Windows XP® Pro
  • 40. Figure 9 "PC as Cloud Server"
Desktop computer manufactured in "Multirama", used for the cloud rendering and server purposes, administration login and security constraints.
DDR3 1333 MHz SDRAM memory interface design 4.00GB - Pentium Dual-Core CPU E5700 @ 3.00GHz - Windows 7® Ultimate Edition

Figure 10 "Access Point"
"Pirelli" Router Access Point with wireless capabilities up to 24Mbps.
  • 41. 3.1 TONIDO CLOUD VENDOR – USE CASE
Tonido Desktop© gives you the ability to create your own cloud server on any machine. This means that the machine acting as the server can be online and be accessed by any computer, laptop, tablet, etc. worldwide. Its installation and use are very easy and will be explained below with the use of screenshots.

This software is used to create the cloud vendor on the desktop machine and act as if it were a service provider. Security constraints then have to be put in place so that the server is secure and privacy is maintained, as these are the requirements of a secure cloud environment.

"Every illustration of the software and software rights belong to the respective owners of Tonido©, Codelathe LLC, and are only used for educational purposes".

3.1.1 INSTALLATION
This part explains, through captured images, the process of installing the cloud server of "Tonido Rendering software".
  • 42. Access to the webpage

Figure 11 "Image shows the official webpage that the cloud server can be downloaded, Desktop is chosen"
"http://www.tonido.com/tonidodesktop_downloads/ - 05 -05 -2013"
  • 43. Installation Steps

Figure 12 "Installation Part 1", Figure 13 "Installation Part 2"
  • 44. Figure 14 "Installation Part 3", Figure 15 "Installation Part 4"
  • 45. After following the previous steps, Tonido is successfully installed and can be launched. A small sun-shaped icon appears at the bottom right of the screen (in the taskbar, by the clock). Grey means that the server is offline; yellow means that the server is online.

Figure 16 "Account Creation"
"Figure 16, this image shows the account creation of the server, strong password and an account name is required as this represents the password of the administrator. These can be changed in the future through the settings tab. Account name: CloudCompSecure and Password:123pedianyc456 ".
  • 46. 3.1.2 FEATURES
Getting started tab

Figure 18 "Welcome Tab"
Figure 17, this particular getting started tab ensures security within the server, even in the free edition.

Figure 17 "Tonido Homepage"
Figure 18, the picture below shows the home page of the server and sorts the functions of the user.
  • 47. Summary Information Status

Figure 19 "Summary Information"
"Figure 19, this image shows the status information of the server. It is essential for every administrator, as it can even be used to check for security gaps, for example through the total number of files transferred, in case more files were transferred than should have been."
  • 48. Downloading files

Figure 20 "File Download"
"Figure 20, this image was captured from the client (netbook), logged in as administrator. It shows that the server is available and online and that any device can access it and connect using the administrator account name and password. The client managed to download the file successfully."
  • 49. Application list

Figure 21 "Application list"
"Figure 21, this image shows the application list of 3rd party applications installed. Backup application was installed for security purposes."

Adding guest accounts

Figure 22 "Guest"
  • 50. This section on guest accounts shows how the admin can manage the guest users (clients). The admin can add an account name and password of his own choosing to the server and then give them to the client. The client can then log in with them, but always according to the permissions the administrator has granted.

Figure 23 "Guest #2"
"Figure 23, username for client is nycpedia and password: 123456789"

Figure 24 "Guest #3"
  • 51. Configuring the guest shared folders and permissions

Figure 25 "Configuring shared folders"
  • 52. Figure 26 "Privileges"

Guest Login

Figure 27 "Guest Log in"

Figure 25 and Figure 26: these images illustrate the privacy configuration of the shared folders. In Figure 25, the root C:\Users\Pavlo\Documents has been added to the shared folders under the name Documents. Figure 26, at the right, shows the read and access permission for the "nycpedia" user account. In this case the user is allowed.

Figure 27 (Guest Sign In) and Figure 28 (Guest Homepage): these images show the guest sign-in method. After the guest signs in he can access only the folders the administrator allows, which in this case is the Documents folder.
  • 53. Figure 28 "Guest homepage"

3.1.3 IMPLEMENTING SECURITY
Security constraint #1 – Access to folders

Figure 29 "Allowed folders setup"
  • 54. Figure 30 "Browsing for the allowed folder"

This security constraint lets the administrator choose which folders are public and which are private. Every cloud environment has such functions so that no user can access foreign folders or system files. The administrator can check this through the permissions.
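What a server has to verify to make this constraint hold is sketched below: the account must hold the requested permission on the share, and the requested path must still lie inside the shared folder after normalization. This is an added example and not Tonido's implementation; the function names, the share root `C:\Shares\Documents` and the grant table are constructed, and only the account name `nycpedia`, the share name `Documents` and the file `cc.txt` come from the thesis.

```python
import ntpath  # Windows path rules on any OS; the thesis's server runs Windows 7


class AccessDenied(Exception):
    """Raised when a guest request must not be served."""


# Constructed configuration: share name -> folder on the server, and
# (account, share) -> actions granted by the administrator.
SHARES = {"Documents": r"C:\Shares\Documents"}
GRANTS = {("nycpedia", "Documents"): {"read"}}


def authorize(user, share, relpath, action, shares=SHARES, grants=GRANTS):
    """Return the absolute path to serve, or raise AccessDenied."""
    # 1. Permission check: the account must hold this action on this share.
    if action not in grants.get((user, share), set()):
        raise AccessDenied(f"{user!r} has no {action!r} permission on {share!r}")
    if share not in shares:
        raise AccessDenied(f"unknown share {share!r}")

    # 2. Containment check: join, then normalise away "..", "." and "/".
    #    ntpath.join discards the root when relpath is absolute or names
    #    another drive, so that case has to be caught after the join.
    root = ntpath.normpath(shares[share])
    candidate = ntpath.normpath(ntpath.join(root, relpath))
    try:
        common = ntpath.commonpath([root, candidate])
    except ValueError:  # different drive or UNC host
        raise AccessDenied("path is on another drive") from None

    # Compare whole path components, case-insensitively as Windows does.
    # A plain startswith() test would accept C:\Shares\Documents2.
    if ntpath.normcase(common) != ntpath.normcase(root):
        raise AccessDenied("path leaves the shared folder")

    # This check is lexical only: junctions or symlinks inside the share
    # still have to be resolved by the server before the file is opened.
    return candidate


def is_allowed(user, share, relpath, action):
    """Boolean wrapper, convenient for audits of the permission table."""
    try:
        authorize(user, share, relpath, action)
        return True
    except AccessDenied:
        return False


if __name__ == "__main__":
    requests = [
        ("nycpedia", "Documents", "cc.txt", "read"),
        ("nycpedia", "Documents", r"..\..\Windows\win.ini", "read"),
        ("nycpedia", "Documents", "../Documents2/plan.txt", "read"),
        ("nycpedia", "Documents", r"D:\backup\db.sql", "read"),
        ("nycpedia", "Documents", "cc.txt", "write"),
    ]
    for req in requests:
        print(req, "->", is_allowed(*req))
```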
  • 55. Security constraint #2 – Activity check

Figure 31 "Activity log"
Figure 31, this image shows the administrator's ability to check the activity on the cloud server.

Security constraint #3 – Backup Records
One major cloud requirement is the backup plan. Every cloud system should have a backup application and storage for essential files and data. The image below illustrates the backup application of the server.
  • 56. Figure 32 "Backup Records"

Security constraint #4 – History logs

Figure 33 "History logs"
This security constraint keeps the service provider updated on every action performed within the shared folders of the system.
  • 57. Security constraint #5 – Troubleshooting logs
The logs shown in the following pictures are more advanced: the downloaded .txt file contains programming code and high-level language, so that only administrators can understand it. These logs show information about the system. They range over information, trace, debug, notice, warning, error, critical and fatal logs and, depending on the subject, are filled with information useful to the administration.

Figure 34 "Information log and download tab"
Figure 35 "Variety of troubleshooting logs"
  • 58. Security constraint #6 – Relay Settings

Figure 36 "Relay settings enabled"

Security constraint #7 – Remote Login Question Authentication

Figure 37 "Remote login configuration"
Figure 38 "Remote login configuration #2"
  • 59. This security constraint enables an authentication question for the client accessing the server remotely. After logging in, the user has to answer an authentication question that the administrator has set. The Remote Question in this case is "University of?" and the Remote Answer is "Greenwich".

Security constraint #8 – SSL enabled

Figure 39 "SSL enabled"

Security constraint #9 – WAN to LAN security and better performance

Figure 40 "Enable WAN2LAN Re-direct"
When devices connect to the cloud server through the LAN, they change from WAN to LAN and get better performance and enhanced speed.
  • 60. Security constraint #10 – IP filtering

Figure 41 "IP Filter"
The previous image shows that the Tonido settings give the administrator of the cloud server the right to allow or block IP ranges. This can block 'dangerous or suspicious' IP addresses from having access to the login webpage.
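How an allow/block range filter of this kind reaches its decision can be shown in a few lines. This is an added example, not Tonido's code: the precedence (block entries win, and a configured allow list makes everything else denied) is an assumption about such filters, and the class name and the addresses (private and documentation ranges) are constructed.

```python
import ipaddress


def parse_ranges(entries):
    """Accept 'a.b.c.d', CIDR ('a.b.c.0/24') or 'first-last' and return networks."""
    networks = []
    for entry in entries:
        text = entry.strip()
        if "-" in text:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
            if lo.version != hi.version or int(lo) > int(hi):
                raise ValueError(f"bad range: {entry!r}")
            # Express the inclusive range as the minimal list of CIDR blocks.
            networks.extend(ipaddress.summarize_address_range(lo, hi))
        else:
            networks.append(ipaddress.ip_network(text, strict=False))
    return networks


def canonical(client):
    """Parse a client address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d).

    Without this step a blocked IPv4 client that reaches a dual-stack
    listener as ::ffff:a.b.c.d would match none of the IPv4 rules.
    """
    ip = ipaddress.ip_address(client.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


class IPFilter:
    def __init__(self, allow=(), block=()):
        # Malformed rules raise ValueError here, at configuration time.
        self.allow = parse_ranges(allow)
        self.block = parse_ranges(block)

    def decide(self, client):
        """Return (allowed, reason) for one client address string."""
        try:
            ip = canonical(client)
        except ValueError:
            return False, "unparseable address"  # fail closed
        for net in self.block:
            if ip in net:
                return False, f"blocked by {net}"
        if not self.allow:
            return True, "no allow list configured"
        for net in self.allow:
            if ip in net:
                return True, f"allowed by {net}"
        return False, "not in any allowed range"


# Constructed rule set: the LAN plus one remote range, with one address blocked.
LOGIN_FILTER = IPFilter(
    allow=["192.168.1.0/24", "203.0.113.10-203.0.113.20"],
    block=["203.0.113.15"],
)

if __name__ == "__main__":
    for client in ["192.168.1.7", "203.0.113.12", "203.0.113.15",
                   "203.0.113.21", "::ffff:203.0.113.15", "not-an-ip"]:
        print(client, LOGIN_FILTER.decide(client))
```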
  • 61. 3.2 OWNCLOUD VENDOR - USE CASE
The "ownCloud" cloud software is open-source software which can be used for private as well as educational and business purposes. In this part, ownCloud will be used as a use case, like Tonido, to explain the steps for installing open-source cloud vendors and for implementing their security. This software is published for all OS and programming languages. It can be downloaded from http://owncloud.org and installed completely free. The software team provides files for Windows installation as a CMS, for Linux and Unix-based machines, and also as PHP files.

"For the installation of "ownCloud", it is required to have installed on the machine
  • Wampserver (it includes apache server, phpmyadmin, and mysql)
  • Visual C++
  • Notepad++
Once installed "wampserver" with apache should be started first running at port 80."
  • 62. 3.2.1 INSTALLATION
WAMPSERVER and APACHE

Figure 42 "WAMPSERVER"
"Figure 42 – WAMPSERVER 2.2 running offline. Apache, PHP and MySQL set on"
This picture shows the desktop of the server, which runs Wampserver and Apache on port 80.
  • 63. ownCloud files list downloaded

Figure 43 "files on the .rar folder of the ownCloud setup downloaded"

While Wampserver is running with Apache on, the files of the ownCloud server must be copied to the Wampserver directory under the 'www' folder. In this case the directory is "E:\Wampserver\wamp\www\owncloud". After copying is complete, ownCloud is installed successfully.

One last thing to do is to set up phpMyAdmin at " http://localhost/phpmyadmin ", where a new user with the host name localhost and a password must be created. This user will be used later for the MySQL database in the ownCloud configuration.
  • 64. phpMyAdmin configuration

Figure 44 "Configuring phpMyAdmin"
After this configuration ownCloud is completed and it can safely be opened locally at http://localhost/owncloud or http://127.0.0.1/owncloud .
  • 65. Account creation and administrative rights

Figure 45 "Admin creation and Database connection"

Commands:
- Admin and password of choice

Database Configuration:
- Root
- *Password used at phpmyadmin
- Owncloud
- localhost
  • 66. ownCloud login

Figure 46 "Login page"

3.2.2 IMPLEMENTING SECURITY
Account creation for client users

Figure 47 "Account management"
  • 67. The previous figure shows that accounts can be created by the administrator. The administrator knows all the passwords and can sort accounts into different groups according to privileges; storage can also be set according to the client's choice. Account creation and sorting enhance security in that the admin chooses the privileges users have and keeps important system files away from their cloud environment.

Security settings

Figure 48 "Security settings"
As in Tonido Desktop, ownCloud provides options on whether the admin enables the share API, links and resharing. Security can be enforced by using HTTPS, which encrypts the connection. Various log files are offered to inform the administrator of any change that has been made to the system.
  • 68. TESTING
    This section tests that the security features function properly. The most basic and important security constraints are tested and the results explained. The testing is carried out from the client machine (netbook), with the cloud server on the desktop machine.
    4.1 TONIDO SECURITY TESTING
    Security Test #1 – Allowed folders for guest accounts
    Figure 49 "Allowed folder"
    The image shows the home page of a guest user (client) who has already logged in to the cloud server. In the implementation section the administrator made only the 'Documents' folder accessible to the nycpedia account. The 'nycpedia' client can access only the Documents folder, so the other files of the system are secured and protected from irresponsible control.
    Security Test #2 – Activity Status
    The following image shows the administrator login (cloudcompsecure logged in) and the time of that event. The account 'nycpedia' refers to the client user who logged in from the client machine (netbook), and 'backup app' is the application installed on the cloud system. Applications that are installed or launched are listed in the activity log, which informs the administrator. The administrator can thereby control a malfunctioning automated app installation, or even hackers trying to install a malware application on the system.
  • 69. Figure 50 "Activity log"
    Security Test #3 – History Log
    Figure 51 "History Log"
    The previous image shows that the nycpedia user entered the 'Document' folder and downloaded the 'cc.txt' file, 270 bytes in size, on 05 May 2013. This keeps the administrator informed of what is going on in the system and makes it possible to trace users' activities.
  • 70. Security Test #4 – Remote Question
    Figure 52 "Showing remote question and answer"
    This image tests whether the additional security question appears when the cloud is accessed remotely. An administrator who wants to log in remotely must also answer the remote question; otherwise the system will not grant him access and he will have to log in from the server location only.
    Security Test #5 – HTTPS encryption
    This test aims to prove that HTTPS is enabled and that the connection is encrypted with HTTPS. The results are positive, as the illustration (Figure 53) proves.
  • 71. Figure 53 "HTTPS enabled successfully"
    Security Test #6 – Troubleshooting Log
    The troubleshooting log* is a log the system creates for more advanced users such as the administrator; only he/she or the IT team can access and read it. This log contains all the useful information about the system, the status of the server and all the system activities.
    *The log is provided in the appendix at the end of the project. No screenshot is required as evidence.
  • 72. CONCLUSION
    In conclusion, many topics were read in order to produce this work. Education starts by first teaching students how to use the alphabet; after this major step, students learn how to form words and then make logical sentences. The same method was used in this project. To begin with, an introduction guided the reader through words and technical terms, which were then defined so that they could be understood before proceeding to more advanced sections. In the introduction, the term 'cloud' was defined, as was 'security', and the scope from which the reader should investigate this project was clearly set out. The introduction also covered the delivery models, the cloud architectures, threats, existing solutions and methodologies. The second major part of the introduction was the literature review, which was based on a white paper published in 2011. This paper included all the latest security tools and models for cloud environments, and a review was given for each of them.
    The second part of the project was the analysis section, in which topics such as system requirements and cloud management were investigated. The system requirements topic is essential, as it describes the main considerations cloud providers should have when creating cloud environments. Every system has goals and requirements. To maintain a complex system like a cloud, management teams have to be set up and given assessed privileges, so this section analyzed the main roles and functions management teams must have.
    The implementation and testing sections make up the second half of the project. Here, two open-source cloud vendors were chosen to be tested, 'Tonido Desktop' and 'ownCloud'. The implementation section aims to present the installation, main features and security of those cloud servers. The installation, the implementation of security in those programs and their main functions were described and illustrated with figures and screenshots. A desktop machine was chosen for the cloud server role and a netbook for the cloud client. The testing section focuses on testing the correct implementation of security on the cloud servers and proves full functionality.
    The aim of this project is to explain the definition of the cloud theoretically, to familiarise the reader with such terms step by step, and to teach the reader to keep security in scope. The security threats and solutions were covered, along with a proactive methodology for more advanced cloud implementers. Security considerations were highlighted in the analysis section. The installation and testing of the cloud servers (Tonido and ownCloud) focused on teaching the reader how to examine the security of a cloud system and which security concerns to focus on.
  • 73. PERSONAL REFLECTION
    The final year project gives the student the opportunity to choose, among all the topics in computer engineering, the one that is most interesting to him/her, and makes him/her responsible for it so that he/she will keep researching it. This project gave knowledge of a new system that is not included in any lesson during the course. This results in more knowledge of the computer science field and good preparation for future use and personal development. Responsibility is the key value of an IT engineer: in order to succeed in his or her career, he or she has to be well prepared, handle time management such as keeping to deadlines, and manage the security of systems carefully. This project gives the opportunity to research an 'unknown' field like cloud computing and, by understanding it, to proceed to the hardest part, implementing security. It gives you not only the responsibility of work and time management but also an ethical lesson in not plagiarizing others' work, by learning how to reference other writers' work properly. Software graphical skills were developed, as it was necessary to create our own illustrations and sequence diagrams. Proper Harvard referencing has been learned and improved. Experience of proper thesis writing has been gained, as it had not been demanded in the past. Other writers' work has been read carefully and with respect, and no wrong conclusion was drawn from it. Experience in finding trustworthy sources has been gained, and trusted sources from libraries and online library databases were used to complete this project.
    The only drawbacks of this project are that it turned out to be more theoretical. Another is that it could have led to a better result if the testing of 'ownCloud' had been completed. This could not be done, as it could not be published to the client user and put online. Had the security testing of this cloud server been completed, there would also have been a comparison between the security of the two cloud servers. Another drawback is that the security tools mentioned in the literature review were not built into the system, as some were only developed in theory and the others that were produced were not open source or available in trial mode, and therefore could not be used inside the cloud servers for implementation and better security performance. Theoretically, if these tools for data forensics, login token certification and so on were used in a real cloud environment, security would be much more strongly enforced.
  • 74. APPENDIX
    18:25:31:349 [1] [AppStarter]:T: ***********STARTING*****TONIDO**********
    18:25:31:350 [1] [AppStarter]:I: Tonido Working Directory: C:\Users\Pavlo\AppData\Roaming\Tonido
    18:25:31:350 [1] [AppStarter]:I: Running on OS : Windows NT
    18:25:31:350 [1] [AppStarter]:I: Running on OS Version : 6.1 (Build 7601: Service Pack 1)
    18:25:31:350 [1] [AppStarter]:I: Running on OS Arch : IA32
    18:25:31:350 [1] [AppStarter]:I: Running System Version : 3.66.0.23160
    18:25:31:350 [1] [AppStarter]:I: Running Message Version : 0.0.0.1
    18:25:31:350 [1] [AppStarter]:I: Built on : Mar 31 2013
    18:25:31:350 [1] [AppStarter]:I: Using AppRoot : C:\Users\Pavlo\AppData\Roaming\Tonido\data
    18:25:31:350 [1] [AppStarter]:I: Host Name : PAVLO-PC
    18:25:31:351 [1] [AppStarter]:I: Using PeerDomain : tonidoid.com
    18:25:31:351 [1] [AppStarter]:I: Using PluginListURL : http://patch.codelathe.com/tonido/live/pluginlist/x86-win32/pluginlist.xml
    18:25:31:351 [1] [AppStarter]:I: [AppRoot ] = C:\Users\Pavlo\AppData\Roaming\Tonido\data
    18:25:31:351 [1] [AppStarter]:I: [DSBaseURL ] = https://s1.codelathe.com/api/ds/tonidods.php
    18:25:31:351 [1] [AppStarter]:I: [DomainListURL ] = http://info.codelathe.com/domainlist/domainlist.xml
    18:25:31:351 [1] [AppStarter]:I: [PluginListURL ] = http://patch.codelathe.com/tonido/live/pluginlist/x86-win32/pluginlist.xml
    18:25:31:351 [1] [AppStarter]:I: [RSSURL ] = http://info.codelathe.com/news/rssfeed.xml
    18:25:31:351 [1] [AppStarter]:I: [RelayServiceURL] = https://s1.codelathe.com/api/relay/getrelay.php
    18:25:31:351 [1] [AppStarter]:I: [UsageStatsURL ] = http://info.codelathe.com/stats/tonidousagestats.php
    18:25:31:351 [1] [AppStarter]:I: [DefaultLanguage] = english
  • 75.
    18:25:31:351 [1] [AppStarter]:I: [DomainServerPort] = 24465
    18:25:31:351 [1] [AppStarter]:I: [EnableDNS ] = 0
    18:25:31:351 [1] [AppStarter]:I: [EnableDomain ] = 0
    18:25:31:351 [1] [AppStarter]:I: [EnableErrorLog ] = 1
    18:25:31:351 [1] [AppStarter]:I: [HTTPProxyHost ] =
    18:25:31:351 [1] [AppStarter]:I: [HTTPProxyPort ] = 80
    18:25:31:351 [1] [AppStarter]:I: [HttpPort ] = 10001
    18:25:31:351 [1] [AppStarter]:I: [KeepLog ] = 1 days
    18:25:31:351 [1] [AppStarter]:I: [LAN_XFer_Size ] = 1024000
    18:25:31:351 [1] [AppStarter]:I: [LogAsync ] = 1
    18:25:31:351 [1] [AppStarter]:I: [LogLevel ] = information
    18:25:31:351 [1] [AppStarter]:I: [MaxNetworkConnections] = 200
    18:25:31:351 [1] [AppStarter]:I: [NetworkAccess ] = 1
    18:25:31:351 [1] [AppStarter]:I: [NetworkInterface] = 0
    18:25:31:351 [1] [AppStarter]:I: [PurgeCount ] = 5
    18:25:31:351 [1] [AppStarter]:I: [RemoteAdmin ] = 0
    18:25:31:351 [1] [AppStarter]:I: [UDPPort ] = 62149
    18:25:31:351 [1] [AppStarter]:I: [WAN_LAN_Redirect] = 1
    18:25:31:351 [1] [AppStarter]:I: [WAN_XFer_Size ] = 51200
    18:25:31:351 [1] [AppStarter]:I: [WebAccess ] = all
    18:25:31:351 [1] [AppStarter]:I: [Domain ] = tonidoid.com
    18:25:31:351 [1] [AppStarter]:I: [ErrorLogRoot ] = C:\Users\Pavlo\AppData\Roaming\Tonido\data\logs\errorlogs
  • 76.
    20:49:26:547 [25] [TCPServerConnection (default[#14])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
    20:49:36:899 [32] [TCPServerConnection (default[#21])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
    20:50:13:457 [33] [TCPServerConnection (default[#22])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
    20:52:10:967 [6] [Dispatcher]:E: Token not found in List: 1b3d547e-bb7f-494e-b245-0b9b3808549c
    20:53:05:354 [29] [TCPServerConnection (default[#18])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
    20:53:44:284 [29] [TCPServerConnection (default[#18])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
    20:53:45:184 [9] [CoreITunesImporter]:E: Failed to locate iTunes Music Library File, skipping Import
    20:54:07:738 [32] [TCPServerConnection (default[#21])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
    20:54:45:558 [29] [TCPServerConnection (default[#18])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
    20:56:06:108 [32] [TCPServerConnection (default[#21])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
    20:56:20:096 [32] [TCPServerConnection (default[#21])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
    20:58:19:020 [6] [Dispatcher]:E: Token not found in List: 81828747-f68b-40a5-8863-6b6ce8032cc1
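The troubleshooting log above is the evidence for Security Test #6, and an administrator can review it mechanically rather than by eye. The following Python code is an added example, not part of the thesis or of Tonido: it parses the log's line format, collects the start-up settings and groups the error events. The sample lines are taken from the appendix log, one entry per line; the selection of settings in REVIEW_KEYS and the treatment of plain-HTTP URLs as review items are assumptions made here.

```python
import re
from collections import Counter

# Excerpt of the appendix log, one entry per line.
SAMPLE_LOG = """\
18:25:31:351 [1] [AppStarter]:I: [PluginListURL ] = http://patch.codelathe.com/tonido/live/pluginlist/x86-win32/pluginlist.xml
18:25:31:351 [1] [AppStarter]:I: [DSBaseURL ] = https://s1.codelathe.com/api/ds/tonidods.php
18:25:31:351 [1] [AppStarter]:I: [HTTPProxyHost ] =
18:25:31:351 [1] [AppStarter]:I: [HttpPort ] = 10001
18:25:31:351 [1] [AppStarter]:I: [KeepLog ] = 1 days
18:25:31:351 [1] [AppStarter]:I: [RemoteAdmin ] = 0
18:25:31:351 [1] [AppStarter]:I: [WebAccess ] = all
20:49:26:547 [25] [TCPServerConnection (default[#14])]:E: Tonido::Core::getZipFile Exception reading img/close_view.gif
20:52:10:967 [6] [Dispatcher]:E: Token not found in List: 1b3d547e-bb7f-494e-b245-0b9b3808549c
20:53:45:184 [9] [CoreITunesImporter]:E: Failed to locate iTunes Music Library File, skipping Import
20:58:19:020 [6] [Dispatcher]:E: Token not found in List: 81828747-f68b-40a5-8863-6b6ce8032cc1
"""

# time [thread] [component]:LEVEL: message  (component may itself contain brackets)
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}:\d{3}) \[(?P<thread>\d+)\] "
    r"\[(?P<component>.+?)\]:(?P<level>[A-Z]):\s?(?P<message>.*)$"
)
SETTING_RE = re.compile(r"^\[(?P<key>\w+)\s*\]\s*=\s*(?P<value>.*)$")
UUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}")

# Assumption: settings picked by name as worth an administrator's attention.
REVIEW_KEYS = ("HttpPort", "RemoteAdmin", "WebAccess", "NetworkAccess", "KeepLog")


def parse_log(text):
    """Return (entries, skipped): parsed dicts plus lines that did not match."""
    entries, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match:
            entries.append(match.groupdict())
        else:
            skipped.append(line)  # keep unparsed lines visible, never drop them
    return entries, skipped


def startup_settings(entries):
    """Collect the '[Key ] = value' pairs the server prints at start-up."""
    settings = {}
    for entry in entries:
        match = SETTING_RE.match(entry["message"])
        if match:
            settings[match.group("key")] = match.group("value").strip()
    return settings


def review_items(settings):
    """List facts for manual review; their interpretation is left to the admin."""
    items = []
    for key, value in sorted(settings.items()):
        if key.endswith("URL") and value.lower().startswith("http://"):
            items.append(f"{key} is fetched over plain HTTP: {value}")
    for key in REVIEW_KEYS:
        if key in settings:
            items.append(f"{key} = {settings[key]!r}")
    return items


def error_summary(entries):
    """Count error-level events, masking per-event ids so repeats group together."""
    counts = Counter()
    for entry in entries:
        if entry["level"] == "E":
            signature = UUID_RE.sub("<token>", entry["message"])
            counts[(entry["component"].split(" ")[0], signature)] += 1
    return counts


if __name__ == "__main__":
    parsed, unparsed = parse_log(SAMPLE_LOG)
    for item in review_items(startup_settings(parsed)):
        print("REVIEW:", item)
    for (component, signature), count in error_summary(parsed).most_common():
        print(f"ERROR x{count}: [{component}] {signature}")
    print("unparsed lines:", len(unparsed))
```

Because the log is kept for only one day (KeepLog = 1 days in the appendix), a summary like this has to be produced and stored regularly if it is to serve as a record.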