Secure Virtual Layer Management in Clouds

Clouds are composed of enormous resources and are associated with attractive properties, e.g. scalability and resilience. Such properties are the result of Clouds' dynamic nature. Cloud dynamism is a desirable property for different reasons, such as resilience, resource consolidation, and maintenance windows. However, such dynamism raises many security and management concerns for Cloud providers as well as for Cloud users. For example, how can Cloud providers assure users that: (a) dependent applications running on different VMs (Virtual Machines) are hosted within physical proximity (for performance reasons); (b) mutually exclusive VMs are not hosted on the same physical server (e.g. for availability and security reasons); and (c) when VMs are migrated, the newly allocated physical servers satisfy users' application requirements and security and privacy criteria? In this paper we explore this important problem. We then propose a framework which, at this foundation stage, focuses on providing a secure environment for the management of Clouds' virtual layer. It also helps in establishing trust in Cloud's operational management. We also propose our planned implementation layout using OpenStack.
