Hierarchical secure virtualization model for cloud

Cloud services provide on-demand resources via virtualization technologies, which makes cloud computing a potential target for cyber attacks. Most proposed security models for virtualization work above the virtualization layer, on the host OS. Almost all proposed cloud security models suffer from this problem: they have very limited control over virtualization. In this paper, a Hierarchical Secure Virtualization Model (HSVM) is proposed to provide threat quarantine and conquer in addition to complete control over virtualization. HSVM needs to be implemented under the virtualization level, eventually moving up to the guest OS. This security model has the potential to protect the various cloud service models implemented by cloud vendors, such as IaaS, PaaS, dSaaS, and SaaS, and improves the cloud vendor's level of control in IaaS. To the best of our knowledge, there is no similar model or implementation like HSVM that is able to protect the cloud from DDoS attacks, unauthorized access, and data leakage as well.
