Professional Documents
Culture Documents
Synopsis
Submitted to SLIET for the registration of the topic for Doctor of Philosophy in the Department of Computer Science & Engineering
Session 2011-2012 Supervised by Supervisor Dr. V.K.Jain Professor Deptt. of Electrical & Instrumentation Engg., SLIET ,Longowal,India Submitted by Rohitash Kumar Banyal Regd. No.-PCS-1103 Rajasthan Technical University Kota,(Raj.)India Email:rkbayal@gmail.com Co- Supervisor Dr. Pragya Jain Professor Computer Service Center Indian Institute of Technology Delhi New Delhi, India
Sant Longowal Institute of Engineering & Technology (Deemed-to-be- University) Longowal-148106, District Sangrur, Punjab
Chapters 1. Introduction 2. Literature Review 3. Need of the Study 4. Scope of the Study 5. Objectives of the Study 6. Research Methodology 7. Tentative Chapter Scheme 8. Bibliography
Page No.
R15**
1.1 Introduction
Individual users in general do not have a problem with posting their personal data on the internet. Actually, sometimes they even want this kind of data to be shared. They upload pictures, videos and write blogs. Companies, on the other hand are much more cautious. They seek assurance that their confidential data will be secure, even if allowed access through internet. In the last couple of years a new information technology (IT) paradigm called cloud computing emerged on the internet. It is promising to increase IT efficiency and on the other hand reduce IT costs considerably, making it a very attractive technology. Due to the recent trend and pressures to cut costs, businesses are considering it, if not using it already. Because of the nature of the cloud computing concept, its immaturity and the absence of standardization, companies have legitimate worries on their data security when considering using its services.
R13**
Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services)that can be rapidly provisioned and released with minimal management effort or service provider interaction. [MG09b] In recent years, Cloud Computing has gained remarkable popularity due to the economical and technical benefits provided by this new way of delivering computing resources, and the pervasive availability of high-speed networks. Businesses can offload their IT infrastructure into the cloud and benefit from
Chapter 1 Introduction
the rapid provisioning and scalability. This allows an on-demand growth of IT resources in addition to a pay-as-you-go pricing scheme, which does not require a high up-front capital investment. These benefits are in particular attractive to small businesses, like start-ups, who often have traffic spikes or a steep growth rate, and who prefer to avoid intensive up-front capital investment in their IT infrastructure. However, cloud computing is not limited to such small business. The US government, one of the largest consumer of information technology, is initiating a move of parts of its IT infrastructure into the cloud, in order to reduce costs and gain productivity [Kun10]. These general principles of cloud computing can be implemented on different abstraction levels. While Infrastructure as a Service, such as Amazon EC2 [Ama10a], provides virtual machines, storage, and networks, higher abstractions include Platform as a Service as well as Software as a Service that provide the actual web-based applications to end-users.
1.2 Scope
Although cloud computing in general faces security challenges inhibiting the adoption by consumers, in this thesis we will focus on infrastructure clouds. In particular, we chose Amazon has an example for an infrastructure cloud provider, because they are among the widest adopted providers and provide a flexible but also complex architecture, which has a higher potential of misconfigurations leading to security problems. Within the infrastructure cloud, we are in particular interested in the security audit of multi-tier architectures deployed in the cloud with a focus on network security regarding
1.3 Methodology
In order to successfully address the problem of configuration complexity and potential misconfigurations in cloud computing environments, we narrowed down the problem domain to a specific case of multi-tier applications deployed in infrastructure clouds using a specific cloud provider as an example case. We will study existing literature in the broad domain of virtual machine security, which plays a fundamental part in the security of infrastructure clouds, and network security analysis with a focus on vulnerability assessment and reachability. Based on the insights and inspirations obtained by performing the literature review, we will propose a novel approach in assessing the security of a multi-tier application deployed on the Amazon infrastructure cloud. By implementing our approach and then evaluating it regarding practicality and scalability, we will determine the practical usefulness for detecting misconfigurations even in large-scale deployments. The evaluation is performed both theoretical and practical. The theoretical evaluation is conducted by assuming complex configuration scenarios and analyze the algorithm run-time using an ideal computer. The practical evaluation is performed using the implementation on a sample multi-tier application deployed on Amazon EC2.
Chapter 2 Background
In this chapter we will present the background information required for understanding the remainder of this research proposal. The explanation of Cloud Computing given in Chapter 1 will be extended with further technical details and clarifications. Virtualization, the fundamental technology of Cloud Computing, will be explained from a technical perspective including the various forms of virtualization depending on the virtualized resource. We will present the underlying architecture of Amazon Web Services (AWS) as an example of the architecture of a public infrastructure cloud provider, and for becoming familiar with the architecture for later analysis purposes.
Different networking solutions are offered depending on the cloud provider. GoGrid and RackSpace use hardware-based VLAN separation for isolating different customer networks. Amazon uses a software-based approach realized with packet filters called Security Groups. Customer virtual machines can be part of a security group and the associated policy applies to inbound traffic for these VMs. Furthermore, Amazon restricts the traffic a VM receives and therefore prevents packet sniffing. Another networking option offered by Amazon, and in preparation at GoGrid, are Virtual Private Networks, or Virtual Private Clouds in Amazons nomenclature. The VMs in the VPN/VPC are separated from the publicly reachable instances on the network and are connected through a VPN-gateway with an existing enterprise network. It enables enterprises to seamlessly extend their network into the cloud and leverages its computing and storage resources. Storage can be provided in different ways varying among the multiple IaaS providers. Four different forms can be identified in the currently available providers: NAS-like, SAN-like, API-based data objects, and Virtual Machine storage. A virtual machine has typically a fixed-size data storage available, which is equivalent to a harddisk in a regular desktop or server computer. In some cases this type of storage is only intended to be used for temporary data and is itself non-persistent, i.e., after the machine terminates the data is lost. NAS-like storage, like GoGrid Cloud Storage, is accessible from the VMs on a file-based level using standard protocols like CIFS. Amazon Elastic Block Store (EBS) is a SAN-like storage type, which appears to the VM as an additional block-device. An EBS volume can be attached to different VMs, but not to multiple VMs simultaneously, and the size can be adjusted presuming the filesystem on the block-device is resizable as well. The last type of storage is accessible through an API and holds data objects up to a specific size, e.g., in the range of several gigabytes. This is a very scalable kind of storage, i.e., one can store an arbitrary amount of objects, and also provides the possibility of distributing these objects using a Content Distribution Network offered by the provider. Examples of this kind of storage are Amazon Simple Storage Service (S3) and RackSpace CloudFiles.
sidechannel attacks, are avoided in the private cloud offering. Community Clouds are providing services for a limited set of customers from a specific community, e.g., an organization, which have similar requirements. They are either operated by in-house staff or a third party, and hosted either on- or off-premise. Hybrid Clouds are the results of the composition of private and public clouds. For example a customer can run his critical and security-sensitive processes on an in-house operated private cloud, but outsource certain noncritical processes to a cheaper public cloud. The Cloud Cube Model is presented in [Jer09] and categorizes clouds based on four criteria: external or internal proprietary or open perimeterised or de-perimeterised insourced or outsourced The first criterion determines if the resources of the cloud are located onor off-premise. The second one identifies potential interoperability based on the technology used. Open technology allows interoperability between different cloud providers and proprietary technology can lead to a vendor lock-in. The third criterion is used to determine if the cloud resources are part of the customers network perimeter or not. Virtual Private Networks, e.g., Amazons VPC, can transform a typically de-perimeterised cloud to a perimeterised one. The last criterion states if the cloud is operated by in-house staff or a third party. These criteria can be visualized as shown in Figure 2.1.
provide computational resources which are consumed by the means of virtual machines. Due to this strong connection between these two technologies, security problems associated with virtual machines will have an impact on the overall security of infrastructure clouds. Therefore a review of existing literature on the topic of virtual machine security will give us a useful foundation for analyzing the security of infrastructure clouds and provides an insight in the underlying security challenges.
3.1.1 Overview
A comprehensive overview of virtual machines and their corresponding security challenges and benefits is presented in [GR05], which we will summarize in this section and use as a thread for further details of the exposed challenges and solutions in the remaining sections. Virtual machines provide a high degree of flexibility by allowing users to easily create, copy, snapshot, rollback, and migrate them. This flexibility results in major adoption of virtual machines by users for different purposes, e.g., for testing of software or configurations using snapshots and the rollback mechanism. Security Issues The authors of the paper extracted the following list of security issues related to virtual machines. Scaling represents the problem that users now have multiple virtual machines, e.g., for testing and development purposes, instead of a very few number of physical ones. Therefore the total number of machines drastically increases within one organization and the workload on the security systems will increases accordingly. Diversity in operating systems, OS versions and patch levels increases the complexity in the security management of the infrastructure. VMs typically result in a high diversity, because users have multiple snapshots of VMs and testers can have a collection of different VMs. Transience is another security issue induced by the flexibility of virtual
The increasing amount of IT services o ered demands controlling and transparency measures for service providers and customers. Service level agreements (SLA) build the basis for these measures, because they document all speci
cations of a service in detail on the interface between service provider and customer. Of particular interest for SLAs are the scope of services, reaction times and performance of transactions. Service providers usually o er their services with multiple service levels. The customer selects the required service and service level depending on its economic and
nancial interests. SLAs open up the critical discussion between service provider and customer to clarify relevant questions about the quality of service. Additionally, they help to reduce legal actions when problems arise, because the service and its output are de
ned in detail. SLAs have become popular due to the introduction of the IT Infrastructure Library (ITIL) (www.itil.org) and form an integral part of service-level management. SLAs are de
ned as follows: "A contract between the provider and the user that speci
es the level of service expected during its term. SLAs are used by vendors and customers as well as internally by IT shops and their end users. They can specify bandwidth availability, response times for routine and ad hoc queries, response time for problem resolution (network down, machine failure, etc.) as well as attitudes and consideration of the technical sta . SLAs can be very general or extremely detailed, including the steps taken in the event of a failure [PCM10]." Trust and transparency build a basis for cloud computing and this is displayed in SLAs, too. Customers should not hesitate to discuss their requirements. A good start is the recommendations made in chapter 6.1. Hence, the recommendation for companies with interest in external cloud services is the negotiation of customized SLAs. A good start is the use of the standard SLA provided by the cloud service provider. Based on the standard SLA, customizations answer in detail questions about technical performance, backup, risks, liability, legal issues, escalation and sub providers. It is important to work out detailed and customized SLAs to answer all open customer questions. Customers should turn their attention especially to legal and compliance issues. Professional cloud service providers will publish background information about implemented security measures. In addition, they even allow audits not only once, but on a regular basis (see chapter 5.3 for Salesforce.com's e orts in doing so). This should be documented in the SLA for clarity as well.
Everything-as-a-Service (EaaS / XaaS) is a concept of o ering IT services on di erent layers of the IT stack. The Aim is the delivery of
ne grained, scalable, without location limits and pay-per-use services on demand. The resources of these services are virtualized, multi-tenant and available on-demand with pay-per-use models. The results are self-provisioned and elastic usage of cloud services. It is one view point on the practical application of cloud computing. Jonathan Yarmis, vice president of ARM Research (www.armresearch.com) stated in 2008 that "Cloud Computing is not just for software as a service, but EaaS Everything as a Service. Many things as discrete products become cloud-based o erings. It o ers us an independence of device and location that is profoundly important [CNE08]." This quotation of Jonathan Yarmis shows the importance of EaaS as a part of cloud computing and the need to describe it in detail.
Figure 2.4 shows the EaaS stack with the three accepted layers. The layers with the biggest inuence on cloud computing from bottom to top are Infrastructure-asa-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). These layers build the main service levels with relevance to cloud service providers. It is not unlikely for the future that more service layers are added to the three accepted ones. Especially, industry or security services might be added as demand grows. An important fact for cloud computing and its service delivery models is the drastic change of business models. Not selling "only" a product and licenses, but the ongoing service delivery and customer satisfaction will change the relationship between customers and cloud service providers. A strong customer loyalty enabled through trust is necessary for cloud service providers to stay in the market.
2.6.1. Infrastructure-as-a-Service
The concept started under the term Hardware-as-a-Service (HaaS) and was later transformed to Infrastructure-as-a-Service (IaaS) to show the holistic approach for all hardware to run an IT infrastructure as a service. It was
rst described in March 2006 by Nicholas Carr as a concept of renting "IT hardware - or even an entire data center - as a pay-as-you-go subscription service that scales up or down to meet your needs [Blo06]." and is used by IaaS enables consumers to have more control over the IT infrastructure. In addition, customers can work exibly, because they can customize and administer the virtualized IT infrastructure (servers, storage and network) to their needs and depending on their platforms and applications. The opportunity of new business models where infrastructure is just rented and not purchased and implemented in expensive and time consuming projects especially helps start-ups and SMEs. Each customer has his self-provisioned and elastic virtualized IT infrastructure without considerations of the actual underlying physical IT infrastructure. Standardization of IT infrastructure allows the di erentiation of storage and computing services; actually computing services follow storage services. The basis of billing for storage is usually used data volume per time and transferred data volume. Looking at the billing of computing power, CPU and memory usage plus external data volume transfer are standard indicators. Popular IaaS vendors and products are: 1. Amazon (www.amazon.com) Elastic Computing Cloud (EC2) Simple Storage Service (S3) 2. GoGrid (www.gogrid.com) 3. Rackspace (www.rackspace.com)
2.6.2. Platform-as-a-Service
Platform-as-a-Service (PaaS) is the provision of application or technical framework platforms without spending time on thinking and working on the underlying necessary hardware, operating system and task speci
c tools. At the moment, the focus for companies of PaaS is on using this concept when developing and running (web) applications for the cloud. Therefore the whole life cycle of the development of a web application and the appropriate workow is supported and represented in PaaS o ers. Forrester (www.forrester.com) thinks of PaaS in times of the
nancial and economic crises / recession as a way out for companies when Especially software developers pro
t from PaaS and its advantages with faster time-to-market cycles during product developing. It is not necessary to deal with operating system or similar application issues, because PaaS services already provide frameworks to develop in. Examples of frameworks are Java, Ruby or .NET. The SOA paradigm of loose coupling plays an important role as today's business processes are often a combination of several modularized services which provide a certain value. Services of PaaS are integration, access control, synchronization and data management which are implemented via an Internet Service Bus (ISB). Michael Iovino, CIO at Author Solutions (www.authorsolutions.com), stated that This quote shows the potential of PaaS for developers of established companies or even young start-ups when using PaaS as integrated development solution for generating business applications as services when costs must stay low and time is limited. Popular PaaS vendors are: 1. Google (www.google.com) Google App Engine 2. Salesforce (www.salesforce.com) Force.com 3. Microsoft (www.microsoft.com) Azure
2.6.3. Software-as-a-Service
ned as the on demand usage of net-native software which is available via a network (e.g. the Internet) by cloud service providers. Payment is done on a pay-per-use model instead of buying licenses. The provider of the service infrastructure bears the costs for hosting, management and updates. The customer pays only for the operation of the service. Again, like the other layers of EaaS, the aim is to reduce costs for IT infrastructure with the bene
cient workow. All tasks of data center operation for these services are the cloud service provider's responsibility. The customer cuts his total expenditures by deleting capital outlays and only having to deal with the operational expenses. Software vendors pro
t from controlling and limiting use. The result is the prohibition of copying and distribution by unauthorized users. A disadvantage of SaaS is the limited ability to customize applications that are being used. SaaS shows similarities to Application-Service-Providers (ASP), but is not the same. ASP is a single-tenant implementation with dedicated hardware and software for one customer. The provided software is usually not net-native and therefore tends to have poor performance. SaaS on the other hand, features multi-tenancy and net-native implementation. SaaS has the biggest range of applications for companies in the sector of Customer Relationship Management (CRM) and Enterprise Resource Planning (ERP). Here, Salesforce.com is a big player in providing SaaS CRM solutions and was added to the quadrant of visionaries [Gar07]. This displays the relevance of the SaaS topic for modern business, because it is seen as a major step towards competitive usage of applications in the future. Popular vendors of (partly free of charge) SaaS are: 1. Google Google Docs Google Mail 2. Apple (www.apple.com) iWork.com 3. Microsoft MS Online Services