Customized Network Security for Cloud Service

Modern cloud computing platforms built on virtual machine monitors (VMMs) host a wide variety of complex business workloads, which expose many network security vulnerabilities. To protect these workloads, cloud providers today either deploy a set of middleboxes at the front end of the cloud or deploy part of the middlebox functionality inside the cloud itself. The former incurs high cost and management complexity and provides no network security protection between virtual machines; the latter does not effectively block attacks arriving in external traffic. To address these limitations, we introduce Customized Network Security for cloud service (CNS), which blocks attacks from both external and internal (inter-VM) traffic to secure the services running in the cloud, and which also lets cloud users customize the network security services applied to their own workloads. CNS is implemented by modifying the Xen hypervisor and is evaluated through a range of experiments, which show that the proposed solution can be applied directly in practical, large-scale cloud deployments.