International Journal of Computer
Trends and Technology

Research Article | Open Access

Volume 4 | Issue 8 | Year 2013 | Article Id. IJCTT-V4I8P159 | DOI : https://doi.org/10.14445/22312803/IJCTT-V4I8P159

Emphasis and emerging trends on virtualization of cloud infrastructure with security challenges


Akula Santosh Kumar, C. Srinivasulu, B. Sudeep Kumar, D. Priyanka

Citation:

Akula Santosh Kumar, C. Srinivasulu, B. Sudeep Kumar, D. Priyanka, "Emphasis and emerging trends on virtualization of cloud infrastructure with security challenges," International Journal of Computer Trends and Technology (IJCTT), vol. 4, no. 8, pp. 2716-2722, 2013. Crossref, https://doi.org/10.14445/22312803/IJCTT-V4I8P159

Abstract

The cloud computing model is rapidly transforming the IT landscape. Cloud computing is a new computing paradigm that delivers computing resources as a set of reliable and scalable internet-based services, allowing customers to remotely run and manage these services. Infrastructure-as-a-service (IaaS) is one of the popular cloud computing services. IaaS allows customers to increase their computing resources on the fly without investing in new hardware. IaaS adapts virtualization to enable on-demand access to a pool of virtual computing resources. Although there are great benefits to be gained from cloud computing, it also introduces new categories of threats. These threats are a result of the complexity of the cloud virtual infrastructure created by the adoption of virtualization technology. Breaching the security of any component in the cloud virtual infrastructure significantly impacts the security of other components and consequently affects the overall system security. This paper explores the security problem of the cloud platform virtual infrastructure, identifying the existing security threats and the complexities of this virtual infrastructure. The paper also discusses the existing security approaches to securing the cloud virtual infrastructure and their drawbacks. Finally, we propose and explore some key research challenges of implementing new virtualization-aware security solutions that can provide pre-emptive protection for complex and ever-dynamic cloud virtual infrastructure.

Keywords

cloud computing, cloud virtual infrastructure security, virtualization security
