Qiang Wu,Ran Wang,Xincheng Yan,Chunming Wu,Rongxing Lu

DOI: https://doi.org/10.1109/MWC.001.2100251

IF: 12.777

2022-01-01

IEEE Wireless Communications

Abstract:Opening-up sharing has prompted the multi-tenancy architecture, whereby different vendors (including outsourcees) work together with network operators to form a vibrant service ecosystem, resulting in several advantages as well as risks. In particular, the static nature of existing architectures in network functions virtualization-based (NFV-based) clouds facilitate hacking. Thus, much attention has been focused on determining how to avoid the uncontrollable cloud security induced by complex production relations and non-trustworthy software/hardware sources when the two sets of security risks intersect. In this article, we investigate latent persistent threats against cloud environments and determine a high degree of complementarity and consistency between the NFV-based cloud environment and the dynamic defense concept. More specifically, new NFV-based cloud features provide an effective implementation for dynamic defense, while the generalized robustness of dynamic defense theory allows for high security gains. Intrinsic cloud security (iCS) is then proposed to align NFV-based clouds, mimicking defense and the moving target defense (MTD) paradigm to implement a seamless integration and symbiosis evolution between security and NFV-based clouds. We quantify the impact on system overhead to account for efficiency and cost issues. The simulation analysis demonstrates that the enhanced mode is able to consistently obtain a more beneficial and stable defense compared with the counterparts.

Nianfeng Tian,Tao Ding,Yongheng Yang,Qinglai Guo,Hongbin Sun,Frede Blaabjerg

DOI: https://doi.org/10.1016/j.apenergy.2018.09.068

IF: 11.2

2018-01-01

Applied Energy

Abstract:Under the development of information and communication technologies, this paper discusses a cloud-based user side integrated energy management to improve the energy utilization efficiency in a smart community, for which a two-level model is proposed that relies on an energy hub and load aggregators. Furthermore, to address the issue of preserving confidentiality for the cloud service, an information-masking mechanism is designed based on linear mapping functions, whose information-masking requirements and processes are specified accordingly. Numerical results demonstrate the effectiveness of the proposed model and of the method for cloud computing.

Deepika Saxena,Ashutosh Kumar Singh

DOI: https://doi.org/10.48550/arXiv.2210.16602

2022-10-29

Distributed, Parallel, and Cluster Computing

Abstract:This paper proposes a conceptual model for a secure and performance-efficient workload management model in cloud environments. In this model, a resource management unit is employed for energy and performance proficient allocation of virtual machines while ensuring the secure processing of users' applications by defending against data breaches due to unauthorized access to virtual machines in real-time. The resource management unit is guided by a secure virtual machine management unit which is designed to generate information regarding unauthorized access or inter-communication links among active virtual machines. Also, a workload analyzer unit operates concurrently to estimate resource utilization information to assist the resource management unit in the performance-efficient allocation of virtual machines. Contrary to prior works which engage access control mechanisms, encryption, and decryption of data before the transfer and the use of tunneling for prevention of unauthorized access to virtual machines which raises excess computational cost overhead, the proposed model operates diversely for efficiently serving the same purpose.

Sakshi Chhabra,Ashutosh Kumar Singh

DOI: https://doi.org/10.48550/arXiv.2212.05319

2022-12-10

Abstract:The core of the computer business now offers subscription-based on-demand services with the help of cloud computing. We may now share resources among multiple users by using virtualization, which creates a virtual instance of a computer system running in an abstracted hardware layer. It provides infinite computing capabilities through its massive cloud datacenters, in contrast to early distributed computing models, and has been incredibly popular in recent years because to its continually growing infrastructure, user base, and hosted data volume. This article suggests a conceptual framework for a workload management paradigm in cloud settings that is both safe and performance-efficient. A resource management unit is used in this paradigm for energy and performing virtual machine allocation with efficiency, assuring the safe execution of users' applications, and protecting against data breaches brought on by unauthorised virtual machine access real-time. A secure virtual machine management unit controls the resource management unit and is created to produce data on unlawful access or intercommunication. Additionally, a workload analyzer unit works simultaneously to estimate resource consumption data to help the resource management unit be more effective during virtual machine allocation. The suggested model functions differently to effectively serve the same objective, including data encryption and decryption prior to transfer, usage of trust access mechanism to prevent unauthorised access to virtual machines, which creates extra computational cost overhead.

Distributed, Parallel, and Cluster Computing,Artificial Intelligence

Amani S. Ibrahim,James Hamlyn-Harris,John Grundy

DOI: https://doi.org/10.48550/arXiv.1612.09059

2016-12-29

Abstract:The cloud computing model is rapidly transforming the IT landscape. Cloud computing is a new computing paradigm that delivers computing resources as a set of reliable and scalable internet-based services allowing customers to remotely run and manage these services. Infrastructure-as-a-service (IaaS) is one of the popular cloud computing services. IaaS allows customers to increase their computing resources on the fly without investing in new hardware. IaaS adapts virtualization to enable on-demand access to a pool of virtual computing resources. Although there are great benefits to be gained from cloud computing, cloud computing also enables new categories of threats to be introduced. These threats are a result of the cloud virtual infrastructure complexity created by the adoption of the virtualization technology. Breaching the security of any component in the cloud virtual infrastructure significantly impacts on the security of other components and consequently affects the overall system security. This paper explores the security problem of the cloud platform virtual infrastructure identifying the existing security threats and the complexities of this virtual infrastructure. The paper also discusses the existing security approaches to secure the cloud virtual infrastructure and their drawbacks. Finally, we propose and explore some key research challenges of implementing new virtualization-aware security solutions that can provide the pre-emptive protection for complex and ever- dynamic cloud virtual infrastructure.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Software Engineering

Pengfei Sun,Qingni Shen,Liang Gu,Yangwei Li

DOI: https://doi.org/10.1109/anthology.2013.6784967

2013-01-01

Abstract:Virtualization technologies enable multi-tenancy cloud business models by providing a scalable, shared resource platform for all tenants. Computing capacity, storage, and network are shared between multi-tenants. However, placing different customers' workloads on the same virtualization platform may lead to security vulnerabilities, which include the failure of mechanisms separating storage, memory, routing, and even reputation between different tenants of the shared infrastructure. The co-location of many customers inevitably causes conflict for the cloud provider as customers' communication security requirements are likely to be divergent from each other. In this paper, we introduce Multi-lateral Security concept to multi-tenancy cloud platform. It is difficult to analyze policies defined by consumers in the same virtualization platform in order to guarantee configuration stability given that policies may have conflicts leading to unpredictable effects. We present the Multilateral Security Architecture for Virtualization platform (VPMS) which enables the multilateral security for consumers.

Yi Jie Tong,Wei Qi Yan,Jin Yu

DOI: https://doi.org/10.4018/ijdcf.2015010104

2015-01-01

International Journal of Digital Crime and Forensics

Abstract:With an increasing number of personal computers introduced in schools, enterprises and other large organizations, workloads of system administrators have been on the rise due to the issues related to energy costs, IT expenses, PC replacement expenditures, data storage capacity, and information security, etc. However, Application Virtualization (AV) has been proved as a successful cost-effective solution to solve these problems. In this paper, the analytics of a Virtual Desktop Infrastructure (VDI) system will be taken into consideration for a campus network. Our developed system will be introduced and justified. Furthermore, the rationality for these improvements will be introduced.

Maziar Janbeglou,WeiQi Yan

DOI: https://doi.org/10.1007/978-3-642-30867-3_42

2013-01-01

Abstract:Cloud computing has been introduced as a tool for improving IT proficiency and business responsiveness for organizations as it delivers flexible hardware and software services as well as providing an array of fundamentally systematized IT processes. Despite its many advantages, cloud computing security has been a major concern for organizations that are making the transition towards usage of this technology. In this paper, we focus on improving cloud computing security by managing and isolating shared network resources in bridge-mode hypervisors.

Xiang Wang,Zhi Liu,Jun Li,Baohua Yang,Yaxuan Qi

DOI: https://doi.org/10.1109/icccn.2014.6911782

2014-01-01

Abstract:Multi-tenant infrastructures deployed in cloud datacenters need network security protection. However, the rigid control mechanism of current security middleboxes induces inflexible orchestration, limiting the agile and on-demand security provision in virtualized datacenters. This paper presents Tualatin, a consolidated framework of delivering security services in multi-tenant datacenters. It meets security requirements of different scenarios by hardware and software co-design. Leveraging Software-Defined Networking (SDN) and OpenFlow techniques, Tualatin provides fine-grained security protection in dynamically changing network topologies, where both switches and security middleboxes are programmatically controlled by logically centralized controllers. With service-level APIs exposed, Tualatin could be easily integrated with other Cloud Management System (CMS). A proof-of-concept system has been deployed in a Tier-IV datacenter, providing customizable network security services for tenant Virtual Private Cloud (VPC) infrastructure.

Seyed Hossein Ahmadpanah

DOI: https://doi.org/10.48550/arXiv.1611.08889

2016-11-28

Abstract:In the cloud computing environment, cloud virtual machine (VM) will be more and more the number of virtual machine security and management faced giant Challenge. In order to address security issues cloud computing virtualization environment, this paper presents a virtual machine based on efficient and dynamic deployment VM security management model state migration and scheduling, study of which virtual machine security architecture, based on AHP (Analytic Hierarchy Process) virtual machine deployment and scheduling method, based on CUSUM (Cumulative Sum) DDoS attack detection algorithm, and the above-described method for functional testing and validation.

Networking and Internet Architecture,Distributed, Parallel, and Cluster Computing

Akram Sarhan,Leszek Lilien

DOI: https://doi.org/10.48550/arXiv.1904.00880

2019-03-28

Abstract:The management of sensitive data, including identity management (IDM), is an important problem in cloud computing, fundamental for authentication and fine-grained service access control. Our goal is creating an efficient and robust IDM solution that addresses critical issues in cloud computing. The proposed IDM scheme does not rely on trusted third parties (TTPs) or trusted dealers. The scheme is a multiparty interactive solution that combines RSA distributed key generation and attribute-based encryption. We believe that it will be a robust IDM privacy-preserving solution in cloud computing, because it has the following features: (i) protects sensitive data on untrusted hosts using active bundle; (ii) supports the minimum disclosure property; (iii) minimizes authentication overhead by providing single sign-on; (iv) supports authentication with encrypted credentials; (v) avoids using trusted third parties (TTPs_, incl. using TTPs for key management; (vi) supports revocation and delegation of access right; and (vii) supports revocation of user credentials. The scheme should also be efficient because it exploits parallelism.

Cryptography and Security

Taimur Al Said,Omer F. Rana

DOI: https://doi.org/10.1007/978-3-319-19848-4_9

2015-01-01

Abstract:The cloud computing concept has significantly influenced how information is delivered and managed in large scale distributed systems today. Cloud computing is currently expected to reduce the economic cost of using computational and data resources, and is therefore particularly appealing to small and medium scale companies (who may not wish to maintain in-house IT departments). To provide economies of scale, providers of Cloud computing infrastructure make significant use of virtualisation techniques – in which processes of various tenants sharing the same physical resources are separated logically using a hypervisor. In spite of its wide adoption in Cloud computing systems, virtualisation technology suffers from many security and privacy issues. We outline security challenges that remain in the use of virtualisation techniques to support multiple customers on the same shared infrastructure. We also illustrate, using an experiment, how data leakage occurs when multiple VMs are executed on the same physical infrastructure, leading to unauthorised access to (previously) deleted data.

Nasir Raza,Imran Rashid,Fazeel Ali Awan

DOI: https://doi.org/10.1007/s12243-017-0567-6

2017-02-10

Annals of Telecommunications

Abstract:Cloud computing has attained tremendous popularity recently, leading to its fast and rapid deployment. However, privacy and security concerns have also increased in the same ratio. The adoption of cloud model has revealed new dimensions of attack, demanding major reconsideration and reevaluation of traditional security mechanisms. If an organization is operating in cloud environment without adopting essential security measures, it may face catastrophic consequences including loss of valuable data, financial damages, or reputation loss etc. Any organization in cloud architecture faces severe security threats and challenges for which a comprehensive security framework is needed. Certain frameworks exist in literature which focus deeply on specific cloud security issues; however, there is a dire need of comprehensive framework encompassing both security-related and management-related issues. This paper initially reviews security challenges and threats to data/applications in cloud environment. Furthermore, a comprehensive security and management framework is proposed for an organization operating in cloud environment. Proposed framework has been implemented in virtualized cloud environment to validate the efficacy of certain features of the model. The data center has been setup in virtualized environment through virtual machines on VMware ESXi-6 hypervisor layer. VMware vCloud-6 has been installed on top of it for provision of services to the users. The proposed framework is a set of guidelines that will adequately secure the organization’s data and applications. The framework incorporates a layered security architecture to achieve utmost level of security for nullifying the impact of threats.

telecommunications

Zhongjin Liu,Yong Li,Li Su,Depeng Jin,Lieguang Zeng

DOI: https://doi.org/10.1145/2534169.2491725

IF: 1.937

2013-01-01

ACM SIGCOMM Computer Communication Review

Abstract:A significant concern for cloud operators is to provide global network performance isolation for concurrent tenants. To address this, we propose M2cloud, a software defined framework providing scalable network control for multi-site data centers (DCs). M2cloud employs two-level controllers with decoupled functions, providing each tenant with flexible virtualization support in both intra- and inter-DC networks.

Ranabhat Saugatdeep,Alexey N. Nazarov,Tuleun Terhemen Daniel,,,

DOI: https://doi.org/10.36724/2664-066x-2022-8-6-2-9

2022-01-01

SYNCHROINFO JOURNAL

Abstract:Lately, the most efficient solution for an organization and individual of internet based distributed computing platforms is cloud computing. Processing, storage, and data management are just a few of the useful services that end users can get from cloud computing. However, it raises a lot of issues with privacy and security which needs to be resolved. Major component of cloud computing is virtualization technology, which helps to develop complex cloud services based on the externalization and composition of these resources. The primary concern with cloud computing security is virtualization security. The collective measures and methods that ensure the safety of a virtualization environment are referred to as virtualization security. It tackles the security risks that virtualized components encounter, as well as techniques for mitigating or preventing them. In recent days, attacks are mainly aimed either to the virtualization architecture or the infrastructure. We prefer to examine the security holes associated with virtualization in this paper and how concentrating on virtualization security might ultimately result in safeguarding cloud computing platform. Through this paper we tend to highlight the recent progress and an overview of the existing works performed on various dimensions of the cloud security. We conclude our paper by making several recommendations with respect to the attack vector for supporting cloud protection with a mathematical LP model.

Ying Chen,Qingni Shen,Pengfei Sun,Yangwei Li,Zhong Chen,Sihan Qing

DOI: https://doi.org/10.1109/IPDPSW.2012.275

2012-01-01

Abstract:Infrastructure as a Service (IaaS), basically consists on the deliverance of virtual machines (VMs) to an IaaS provider, who can rise or shrink the number of VMs so as to offer fast and easy scalability according to variable workloads. However, according to the principle of Buckets Effect, the safety of the entire system relies on its most fragile component. This problem also exists in IaaS cloud. There are many VMs which co-exist in the same physical machine, but they may adopt different security protection. So this could lead VMs with the higher security requirement degrade to the lowest security level. In order to address these issues, we propose Trusted Cloud based on Security Level (TCSL), which is an integrated, secured and trusted architecture based on logical VMs' union, to separate the VMs with different sensitive and security needs from the whole cloud environment, and to meet different customer's security requirements. Experimental results demonstrate that these approaches are effective in isolating the resources with the same security requirements in a shared trusted zone which is built based on different security level. When resources need to migrate to the trusted zone, the Reliable Migration Policies will be automatically enforced and match the migrating resource to an applicable trusted zone in cloud or return a feedback concerning a suggestion. With Reliable Migration Protocol, the secure process of the migrating transaction can be guaranteed in IaaS cloud.

Dhaya R.,Ujwal U. J.,Tripti Sharma,Mr. Prabhdeep Singh,Kanthavel R.,Senthamil Selvan,Daniel Krah

DOI: https://doi.org/10.1155/2022/3174716

2022-02-28

Wireless Communications and Mobile Computing

Abstract:The level of difficulty that can be envisioned in a cloud data center will not grow with convention. As a result, all hosts should have a standard and pervasive collection of memory and communication characteristics in order to lower ownership costs and operate virtual machine instances. This solution includes fundamental foundations and integrated component basics that will allow an IT or federal agency to embrace cloud computing domestically via private virtual cloud data centers. These private cloud data centers would later be developed to purchase and develop IT services on the outside. They are well aware of the obstacles to cloud computing’s acceptance, including concerns about credibility, privacy, interoperability, and marketplaces. In addition, this procedure describes critical standards and collaborations to address these issues. Ultimately, it offers a coherent response to deploying safe data centers using cloud computing services from both a technological and an IT strategic standpoint. To foster creativity, invention, learning, and enterprise, a private data center and cloud computing must be established to combine the activities of different research teams. In the framework of energy-efficient distribution of resources in private cloud data center architecture, we focus on system structure investigations. On the other hand, we want to equip private cloud providers with the current design and performance analysis for energy-efficient resource allocation. The methodology should be adaptable enough to support a wide range of computing systems, as well as on-demand and extensive resource providing approaches, cloud environment scheduling, and bridging the gap between private cloud users and a complete image of offers.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiaoying Wang,Zhihui Du,Yinong Chen,Sanli Li

DOI: https://doi.org/10.1016/j.jss.2007.11.719

IF: 3.5

2008-01-01

Journal of Systems and Software

Abstract:As large data centers emerge, which host multiple Web applications, it is critical to isolate different application environments for security reasons and to provision shared resources effectively and efficiently to meet different service quality targets at minimum operational cost. To address this problem, we developed a novel architecture of resource management framework for multi-tier applications based on virtualization mechanisms. Key techniques presented in this paper include (1) establishment of the analytic performance model which employs probabilistic analysis and overload management to deal with non-equilibrium states; (2) a general formulation of the resource management problem which can be solved by incorporating both deterministic and stochastic optimizing algorithms; (3) deployment of virtual servers to partition resource at a much finer level; and (4) investigation of the impact of the failure rate to examine the effect of application isolation. Simulation experiments comparing three resource allocation schemes demonstrate the advantage of our dynamic approach in providing differentiated service qualities, preserving QoS levels in failure scenarios and also improving the overall performance while reducing the resource usage cost.

Liyu Yan,Lijun Zu,Jiawei Ye,Yongkai Zhou,Chengrong Wu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2016.11.022

2016-01-01

Abstract:In recent years,with the rapid development of network virtualization technology,cloud service providers can provide virtual net-works abstracted from one set of physical network for tenants.In the multi-tenant network environment,tenants should be guaranteed that their virtual networks are isolated and won’t be accessed illegally from other tenants or outer networks.The definition of the virtual network borders is more obscure than physical network borders,so more fine-grained network isolation is required.Mainstream open source cloud platforms like OpenStack uses centralized network border to realize the isolation of virtual networks,and most traffic of VMs (virtual machines)is con-verged into single physical node,which may lead to SPOF (single point of failure).Thus,a distributed realization of virtual network isolation is proposed,which distributes the centralized border to each physical server,and the network traffic is distributed to physical servers so that the possibility of loss caused by SPOF will be reduced.Finally,experiments prove the availability of the distributed deployment and the lower network latency of VMcommunication in the distributed realization.

A. Anasuya Threse Innocent

DOI: https://doi.org/10.48550/arXiv.1206.6016

2012-05-30

Abstract:The new era of computing called Cloud Computing allows the user to access the cloud services dynamically over the Internet wherever and whenever needed. Cloud consists of data and resources; and the cloud services include the delivery of software, infrastructure, applications, and storage over the Internet based on user demand through Internet. In short, cloud computing is a business and economic model allowing the users to utilize high-end computing and storage virtually with minimal infrastructure on their end. Cloud has three service models namely, Cloud Software-as-a-Service (SaaS), Cloud Platform-as-a-Service (PaaS), and Cloud Infrastructure-as-a-Service (IaaS). This paper talks in depth of cloud infrastructure service management.

Distributed, Parallel, and Cluster Computing