Advertisement

A Novel Agent-Based Framework in Bridge-Mode Hypervisors of Cloud Security

  • Maziar Janbeglou
  • WeiQi Yan
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 172)

Abstract

Cloud computing has been introduced as a tool for improving IT proficiency and business responsiveness for organizations as it delivers flexible hardware and software services as well as providing an array of fundamentally systematized IT processes. Despite its many advantages, cloud computing security has been a major concern for organizations that are making the transition towards usage of this technology. In this paper, we focus on improving cloud computing security by managing and isolating shared network resources in bridge-mode hypervisors.

Keywords

cloud computing security virtual machine virtualization virtual networking hypervisor 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Wu, X., Wang, W., Lin, B., Miao, K.: Composable IO: A Novel Resource Sharing Platform in Personal Clouds. In: Jaatun, M.G., Zhao, G., Rong, C. (eds.) CloudCom 2009. LNCS, vol. 5931, pp. 232–242. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  2. 2.
    Weiss, A.: Computing in the clouds. netWorker, 16–25 (2007), doi:10.1145/1327512.1327513.Google Scholar
  3. 3.
    Yeh, J.T.: The Many Colors and Shapes of Cloud. In: Jaatun, M.G., Zhao, G., Rong, C. (eds.) CloudCom 2009. LNCS, vol. 5931, p. 1. Springer, Heidelberg (2009)Google Scholar
  4. 4.
    David, W.C.: Cloud computing: Key initiative overview. Gartner (2010), doi:EUKEINCLCOOVRW012110Google Scholar
  5. 5.
    Mell, P., Grance, T.: The National institute of standards and technology (NIST) definition of cloud computing (2009)Google Scholar
  6. 6.
    Onwubiko, C.: Security issues to cloud computing, pp. 271–288. Springer, London (2010), doi:10.1007/978-1-84996-241-4_16Google Scholar
  7. 7.
    Abramson, D., Buyya, R., Giddy, J.: A computational economy for grid computing and its implementation in the nimrod-g resource broker. Future Generation Computer Systems (FGCS) 18(8), 1061–1074 (2002)zbMATHCrossRefGoogle Scholar
  8. 8.
    Kouzes, R.T., Anderson, G.A., Elbert, S.T., Gorton, I., Gracio, D.K.: The changing paradigm of data-intensive computing. Computer 42, 26–34 (2009)CrossRefGoogle Scholar
  9. 9.
    Mather, T., Kumaraswamy, S., Latif, S.: Cloud security and privacy: An enterprise perspective on risks and compliance. O’Reilly Media (2009)Google Scholar
  10. 10.
    Zhang, Q., Cheng, L., Boutaba, R.: Cloud computing: State-of-the-art and research challenges. Journal of Internet Services and Applications, 7–18 (2010), doi:10.1007/s13174-010-0007-6Google Scholar
  11. 11.
    Gourley, B.: Cloud computing and cyber defense. A white paper provided to the national security council and homeland security council as input to the White House review of communications and information infrastructure (2009)Google Scholar
  12. 12.
    Yang, H., Wu, G., Zhang, J.-z.: On-Demand Resource Allocation for Service Level Guarantee in Grid Environment. In: Zhuge, H., Fox, G.C. (eds.) GCC 2005. LNCS, vol. 3795, pp. 678–689. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Oh, T.H., Lim, S., Choi, Y.B., Park, K.-R., Lee, H., Choi, H.: State of the Art of Network Security Perspectives in Cloud Computing. In: Kim, T.-h., Stoica, A., Chang, R.-S. (eds.) SUComS 2010. CCIS, vol. 78, pp. 629–637. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Espadas, J., Molina, A., Jimenez, G., Molina, M., Ramirez, R., Concha, D.: A tenant-based resource allocation model for scaling Software-as-a-Service applications over cloud computing infrastructures (2011), doi:10.1016/j.future.2011.10.013Google Scholar
  15. 15.
    Mahmood, Z.: Cloud computing for enterprise architectures: concepts, principles and approaches. In: Cloud Computing for Enterprise Architectures, pp. 3–10. Springer (2011)Google Scholar
  16. 16.
    Dawoud, W., Takouna, I., Meinel, C.: Infrastructure as a service security: Challenges and solutions. In: 2010 7th International Conference on Informatics and Systems, INFOS 2010, Cairo, Egypt, March 28-30 (2010)Google Scholar
  17. 17.
    Dave, T.: Enabling application agility - Software as a Service, cloud computing and dynamic languages. Journal of Object Technology, 29–32 (2008)Google Scholar
  18. 18.
    Frederick, C., Gianpaolo, C.: Architecture strategies for catching the long tail. Microsoft Corporation (2006)Google Scholar
  19. 19.
    Gillett, F.E.: The new tech ecosystems of cloud, cloud services, and cloud computing. Forrester Research (2008)Google Scholar
  20. 20.
    Turner, M., Budgen, D., Brereton, P.: Turning software into a service. Computer 36(10), 38–44 (2003), doi:10.1109/mc.2003.1236470CrossRefGoogle Scholar
  21. 21.
    Lawton, G.: Developing software online with Platform-as-a-Service technology. Computer, 13–15 (2008), doi:10.1109/mc.2008.185Google Scholar
  22. 22.
    Buyya, R., Yeo, C.S., Venugopal, S., Broberg, J., Brandic, I.: Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation Computer Systems, 599–616 (2009), doi:10.1016/j.future.2008.12.001Google Scholar
  23. 23.
    Dillon, T., Chen, W., Chang, E.: Cloud Computing: Issues and Challenges. In: 24th IEEE International Conference on Advanced Information Networking and Applications, AINA, pp. 27–33 (2010)Google Scholar
  24. 24.
    Wang, C., Wang, Q., Ren, K., Lou, W.: Ensuring data storage security in cloud computing. Cryptology ePrint archive, report 2009/081 (2009)Google Scholar
  25. 25.
    Grossman, R.L.: The case for cloud computing. IT Professional 11, 23–27 (2009)MathSciNetCrossRefGoogle Scholar
  26. 26.
    Grossman, R.L., Gu, Y.: On the varieties of clouds for data intensive computing (2009)Google Scholar
  27. 27.
    Pearson, S.: Taking account of privacy when designing cloud computing services. In: 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, CLOUD 2009, Vancouver, BC, Canada, May 23 (2009)Google Scholar
  28. 28.
    Anthony, T.V., Toby, J.V., Robert, E.: Cloud computing: A practical approach. McGraw-Hill (2010)Google Scholar
  29. 29.
    Llanos, D.R.: Review of grid computing security by anirban chakrabarti, pp. 45–45. Springer (2007) ISBN: 3540444920.45-45, doi:10.1145/1317394.1317406Google Scholar
  30. 30.
    Szefer, J., Keller, E., Lee, R.B., Rexford, J.: Eliminating the hypervisor attack surface for a more secure cloud. In: 18th ACM Conference on Computer and Communications Security, CCS 2011, Chicago, IL, United states, October 17-21 (2011)Google Scholar
  31. 31.
    Tolnai, A., Von Solms, S.H.: Securing the cloud’s core virtual infrastructure. In: 5th International Conference on Broadband Wireless Computing, Communication and Applications, BWCCA 2010, Fukuoka, Japan, November 4-6 (2010)Google Scholar
  32. 32.
    Klein, G., Elphinstone, K., Heiser, G., Andronick, J., Cock, D., Derrin, P., Elkaduwe, D., Engelhardt, K., Kolanski, R., Norrish, M., Sewell, T., Tuch, H., Winwood, S.: Formal verification of an OS kernel. In: 22nd ACM SIGOPS Symposium on Operating Systems Principles, SOSP 2009, Big Sky, MT, United states, October 11-14 (2009)Google Scholar
  33. 33.
    Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. In: SOSP 2003: Proceedings of the 19th ACM Symposium on Operating Systems Principles, Lake George, NY, United states, October 19-22 (2003)Google Scholar
  34. 34.
    Nishikiori, M.: Server virtualization with VMware vSphere 4. Fujitsu Scientific and Technical Journal, 356–361 (2011)Google Scholar
  35. 35.
    Muthu, R.: Component-based development for cloud computing architectures. In: Cloud Computing for Enterprise Architectures, pp. 91–113. Springer (2011)Google Scholar
  36. 36.
    dos Santos Ramos, J.C.C.: Security challenges with virtualization. universidade de lisboa (2009)Google Scholar
  37. 37.
    Larry, D.: Virtualization: What are the security risks? ZDnet (2008), http://www.zdnet.com/blog/security/virtualization-what-are-the-security-risks/821 (accessed January 22)
  38. 38.
    Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: a virtual machine-based platform for trusted computing. In: Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, Bolton Landing, NY, USA (2003)Google Scholar
  39. 39.
    Joel, K.: Virtual machine security guidelines (September 2007)Google Scholar
  40. 40.
    Janbeglou, M., Zamani, M., Ibrahim, S.: Redirecting outgoing DNS requests toward a fake DNS server in a LAN. In: 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010, Beijing, China, July 16-18 (2010)Google Scholar
  41. 41.
    Nourian, A., Maheswaran, M.: Privacy and security requirements of data intensive computing in clouds. In: Handbook of Data Intensive Computing. Springer Science and Business Media (2011), doi:10.1007/978-1-4614-1415-5 19Google Scholar
  42. 42.
    Rittinghouse, J.W., Ransome, J.F.: Cloud computing: implementation, management, and security. CRC Press (2009)Google Scholar
  43. 43.
    Basak, D., Toshniwal, R., Maskalik, S., Sequeira, A.: Virtualizing networking and security in the cloud, pp. 86–94 (2010), doi:10.1145/1899928.1899939Google Scholar
  44. 44.
    Ferguson, P., Senie, D.: Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing. RFC 2827 (2000)Google Scholar
  45. 45.
    Ramachandran, V., Nandi, S.: Detecting ARP Spoofing: An Active Technique. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2005. LNCS, vol. 3803, pp. 239–250. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  46. 46.
    Thawatchai, C.: Sniffing packets on LAN without ARP spoofing. In: 3rd International Conference on Convergence and Hybrid Information Technology, ICCIT 2008, Busan, Republic of Korea, November 11-13 (2008)Google Scholar
  47. 47.
    Pu, X., Liu, M., Jin, J., Cao, Y.: A modeling of network I/O efficiency in Xen virtualized clouds. In: International Conference on Electronics, Communications and Control, ICECC 2011, Ningbo, China, September 9-11 (2011)Google Scholar
  48. 48.
    Schoo, P., Fusenig, V., Souza, V., Melo, M., Murray, P., Debar, H., Medhioub, H., Zeghlache, D.: Challenges for cloud networking security mobile networks and management, pp. 298–313. Springer, Heidelberg (2011), doi:10.1007/978-3-642-21444-8_26Google Scholar
  49. 49.
    Wu, H., Ding, Y., Yao, L., Winer, C.: Network security for virtual machine in cloud computing. In: 5th International Conference on Computer Sciences and Convergence Information Technology, ICCIT 2010, Seoul, Republic of Korea, November 30-December 2 (2010)Google Scholar
  50. 50.
    Man, N.D., Huh, E.-N.: A collaborative intrusion detection system framework for cloud computing. In: International Conference on IT Convergence and Security 2011, ICITCS 2011, Suwon, Republic of Korea, December 14-16 (2012)Google Scholar
  51. 51.
    Masayuki, O., Tetsuo, S., Takuya, S.: Security architectures for cloud computing, fujitso (2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Maziar Janbeglou
    • 1
  • WeiQi Yan
    • 1
  1. 1.AUT UniversityAucklandNew Zealand

Personalised recommendations