Secured architecture for inter-VM traffic in a Cloud environment

Cloud Computing (CC) is a large-scale distributed computing paradigm driven by economies of scale, in which a pool of abstracted, virtualized, dynamically scalable, managed computing power, storage, platforms, and services is delivered on demand to external customers over the Internet. One of the key enablers for building Cloud environments is virtualization. It offers a high level of efficiency and scalability that makes the complex processing of the Cloud possible. However, these advantages come with certain limitations, especially in relation to security. Virtualization vulnerabilities, and more specifically weaknesses in isolation, create new targets for intrusion because of the complexity of access and the difficulty of monitoring all interconnection points between systems, applications, and data sets. Hence, without strict controls in place within the Cloud, guests could violate and bypass security policies, intercept unauthorized client data, and initiate or become the target of security attacks. This article discusses the security and visibility issues of inter-VM traffic and proposes a solution for them within the Cloud context. The proposed approach provides Virtual Machine (VM) authentication and communication integrity, and enforces trusted transactions, through security mechanisms, structures, policies, and various intrusion detection techniques.
