Network security for Hybrid Cloud

Cloud computing has enabled elastic and transparent access to distributed services without investment in new infrastructure. In the last few years it has grown from a promising business concept into one of the fastest-growing segments of the IT industry. Despite all the hype surrounding the Cloud, enterprise customers are still reluctant to move their business into it. Security is one of the major issues slowing the growth of Cloud computing, and complications with data privacy and data protection continue to plague the market. In this paper, we propose a solution for Hybrid Cloud security, focusing on a Virtual Intrusion Detection System (V-IDS). We present a new architecture that takes the basic principles of Cloud computing, virtualization and the GMPLS Control Plane and applies them to intrusion detection systems, in order to protect Cloud networks whose underlying infrastructure and physical topology are constantly changing. Based on the defined architecture, we have implemented a prototype of a Cloud-based IDS that validates our thesis. The prototype is realized through the integration of two open-source technologies: OpenStack and DRAGON (Dynamic Resource Allocation via GMPLS Optical Networks).