ArticlePDF Available

Comprehensive Analysis of Security Issues and Solutions While Migrating to Cloud Environment

Authors:
Amit Wadhwa at G L Bajaj Institute of Technology and Management
Amit Wadhwa
  • G L Bajaj Institute of Technology and Management
Download full-text PDF
Read full-text
Download citation

Abstract and Figures

Cloud computing is a computing area which has evolved from grid and utility computing to virtualization and service oriented architecture. By combining a set of existing and new techniques from research areas such as Service- Oriented Architectures (SOA) and virtualization, cloud computing is regarded as such a computing paradigm in which resources in the computing infrastructure are provided as services over the Internet. For providing various services or features it follows certain cloud service adoption models. All these models face some security concerns or the others. Many times in the past various distinguished security models[1] are presented by many researchers for resolving them and providing a better known solution to IT industry adopting cloud based service model. This paper aims at studying and analyzing various issues involved with virtualized architecture incurred while one is migrating to cloud architecture, finding out various security measures from varying risk levels and present a refined or distinguished security model or solution based on all those issues discussed throughout the search. Main focus of the analysis carried here is on issues involved while adopting virtualization based infrastructure for moving in cloud, authentication based risks, risks incurred while data migration, attack on VM’s, issues while adopting virtualization, risk generated from malicious insiders are few to be discussed here.
Figures - uploaded by Amit Wadhwa
Author content
All figure content in this area was uploaded by Amit Wadhwa
Content may be subject to copyright.
Content uploaded by Amit Wadhwa
Author content
All content in this area was uploaded by Amit Wadhwa on Jun 29, 2016
Content may be subject to copyright.
International Journal of New Innovations in Engineering and Technology
Volume 4 Issue 4 April 2016 127 ISSN : 2319-6319
Comprehensive Analysis of Security Issues and
Solutions While Migrating to Cloud
Environment
Amit Wadhwa
Department of Computer Science and Engineering
Amity University Haryana, Gurgaon, Haryana, India
Abstract- Cloud computing is a computing area which has evolved from grid and utility computing to virtualization and
service oriented architecture. By combining a set of existing and new techniques from research areas such as Service-
Oriented Architectures (SOA) and virtualization, cloud computing is regarded as such a computing paradigm in which
resources in the computing infrastructure are provided as services over the Internet. For providing various services or
features it follows certain cloud service adoption models. All these models face some security concerns or the others.
Many times in the past various distinguished security models[1] are presented by many researchers for resolving them
and providing a better known solution to IT industry adopting cloud based service model. This paper aims at studying
and analyzing various issues involved with virtualized architecture incurred while one is migrating to cloud architecture,
finding out various security measures from varying risk levels and present a refined or distinguished security model or
solution based on all those issues discussed throughout the search. Main focus of the analysis carried here is on issues
involved while adopting virtualization based infrastructure for moving in cloud, authentication based risks, risks
incurred while data migration, attack on VM’s, issues while adopting virtualization, risk generated from malicious
insiders are few to be discussed here.
Keywords Virtualization, VM (Virtual machine), CSP (Cloud service provider), Hypervisor, Virtual machine manager
(VMM), VDC (Virtualized data center).
I. INTRODUCTION
A model used for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable
computing resources that can be rapidly provisioned and released with minimal management eort or service
provider interaction is defined as Cloud computing as per the definition by NIST[4]. For using the cloud based
services, every user subscribes them by registering with a CSP based on a well defined and restricted service-level
agreement (SLA). Generally computing resources are provided to users or cloud adopters as virtual machines (VM).
In order to accomplish the above said processes one requires a cloud interface with which users can, submit a
request to access the virtual machine available with a host. These front-end interfaces and connected resource hosts
are managed by a central server whose task is to provision these resources.
The all above core components like server, [3] host machine and users are normally authenticated using certain [2]
cryptography based protocols.
Now a days, organizations or businesses choose the cloud as a solution based on certain considerations like, as
generally business owners do not know the deep insights about the technology emerging today. So, it becomes much
convenient to have experts working in a system to look after all IT aspects like managing licences, software related
update and architecture based on network to name a few. Secondly, a business or organisation getting started during
the setup time just requires some initial investments in field of IT infrastructure. By using the pay-per-use service of
a cloud service provider (CSP) one needed to pay only for the resources it works with. Another main and important
advantage of the cloud is that it is flexible, scalable and extensible enough to meet the increasing IT needs. [4] The
three advantages mentioned above and many more that invite many companies to move into the cloud architecture
from their traditional non virtualized architectures [1], provided and making security of system at stake.
Cloud based architectures introduced by cloud service providers offer users with three different and inherent levels
of services namely Infrastructure as a Service (IaaS), [1] [3] Platform as a Service (PaaS), or Software as a Service
(SaaS)[1]. Clients who want to use IaaS service will have access to hardware components like servers, host/compute
etc. and software components like OS, [3] virtual machine manager (VMM) and applications etc. For using it they
require [3]dummy machines to experiment or even smart devices like smart phones, PDA’s and tablets etc. for
International Journal of New Innovations in Engineering and Technology
Volume 4 Issue 4 April 2016 128 ISSN : 2319-6319
making them able to access the different services offered by the CSP. [2]The other service level is PaaS which offers
the client software packages that allow software development and running. Ultimately software as service allows
users to have access to a set of applications provided by CSP managing them over the network [2].
II. TRANSITION AND OTHER ISSUES ADOPTING AND IMPLEMENTING CLOUD
Here in this paper, various security issues and concerns will be analysed and classified, these were extracted from
the literature representing various dimensions to risks involved in this architecture.
2.1 Generalized Steps, Issues Adopting Virtual Architecture
Virtualization is basically about abstracting physical resources from users view level and providing them as their
virtualized instances. It allows users to use those resources in a virtualized manner then allocating them dedicatedly.
While building cloud infrastructure a layer cloud service management is required over a VDC. And for having a VDC
in architecture all the resources of a data center need to be virtualized. It can be visualized as shown here in Figure 1.
Figure 1. Virtualized Data Center in Cloud Environment
[3]Challenges faced while virtualizing a data center are discussed with following steps:
Step 1- Virtualize Compute/Host: In order to virtualize compute or host running user applications a layer of
virtualization is introduced between other layers of architecture and compute. The layer has a hypervisor over
which VM’s work, and above VM’s OS and applications work. So, in order to introduce these layers user’s view
is abstracted and it will increase the security breach chances as we have to provide security at VM level,
hypervisor level and also OS and apps running in various VM’s needed to be installed keeping the intermixing of
user’s data in mind. And this introduces a hell lot of complexity and risk factors in the architecture.
Step 2- Virtualize Network: Next step would be to virtualize the network level layer. For doing that one might use
[3] VLAN’s and VSAN’s architectures. In both the architectures the networking devices used have to be
configured to address multiple users request coming from above layer of compute. In order to do that these
architectures of [3]VLAN and VSAN’s use different techniques like NIC teaming, zoning etc. to address issues
raised with multi-tenancy architecture having VM’s installed on same physical architecture controlled with a
hypervisor.
Step 3- Virtualize Storage: In order to virtualize the storage area of a data center things like working with virtual
volumes, creating logical virtual partitions of the storage area using concept of virtual storage provisioning to
create [3]LUN’s is needed. Finally allocating storage to the user working over the network layer at compute
level is handled by allocating virtual LUN’s generated from shared virtual [3]storage pool managed by special
software installed over storage level.
International Journal of New Innovations in Engineering and Technology
Volume 4 Issue 4 April 2016 129 ISSN : 2319-6319
2.2. Concerned Security Issues over a Cloud
Apart from the above mentioned issues emerged while implementing virtualized architecture over a cloud there are
some other security concerns which are required to be addressed. The Issues which require concern are like:
Multi-Tenancy: As it is one of the important features of cloud, providing great benefits as multiple users can use
the same hardware and work on same server simultaneously and independently. But this would also possess a
great threat to the system as its harder for the CSP’s to provide uniform security level to various users working
in different platforms. As in it if an OS is compromised then it might impact the security of other users using
same server.
Attack Rate/Factor: As the cloud is a huge network of servers and computes connected over the network and
CSP has to make them available to its users with all the features like ease of use and efficient processing
requirements, in order to provide that it uses different technology options and different types of heterogeneous
hardware devices. Providing security to these different types of hardware is very difficult for CSP to manage.
Information and Data Ownership: In all information providing system authentication and authorisation of its
users is major point of concern for the provider (CSP in case of cloud platform) or system manager. [3]Main
focus of cloud based architecture is also on providing feature of confidentiality, proof of integrity and the major
requirement of availability of data to its users.
Privacy of Data: CSP has to make sure that data of all users working over the network or cloud architecture is
safe from every perspective and in order to do that it has to decide a security policy. Private data of cloud users
need to be protected from unauthorised access and disclosure which holds a major point of concern.
2.3. Prospective Security Threats over Virtualized Cloud Infrastructure
Apart from the above mentioned point/areas of concern following are the key security threats that emerge over
virtualized architecture:
VM Theft and VM Escape[3]: Theft associated with VM corresponds to the unauthorised copying of VM files
stored under [3]VMFS (virtual machine file system) and VM escape corresponds to the mechanism where
applications running over host would try to override OS and VM and start interacting directly with
virtualization layer. Overriding process results in attacker accessing all other VM’s working over that
virtualization layer.
Faulty Hypervisor: It corresponds to the phenomenon where an attacker tries to attack over install a faulty
hypervisor or virtual machine manager to gain access to the underlying server without the knowledge of guest
OS.
Denial of Service[5] (DOS and Distributed DOS) Attack: In this phenomenon the actual users of an information
provider system are debarred from the services and resources provided by that system. DOS attack might affect
network components and other resources available on host system for legitimate users.
Another attack would be Distributed DOS attack[6] where a rogue DDOS master program is installed over a
stolen account of some user and with this the attacker could access and attack other users working over the
same network.
Leakage of Data: Basically in this the attacker is the one which is working with a [5]VM on a server and he
might attack on the preceding VMs running over the same server, thereby generating unauthorised access to the
confidential data of the users working with the attacked VM. It poses a great threat to the temporary or cached
file stored on the attacked VM’s.
III. SOLUTIONS TO CLOUD SECURITY THREATS
As discussed above there are various points of concern and threats from which cloud users are required to be
protected and CSP has the responsibility of providing perspective security levels in order to allow users to work
freely without worrying about the underlying threats in the architecture[6]. So here an insight onto some thefts and
their proposed solutions to be employed by CSP in order to gain and maintain trust among his customers will be put
forward.
Protection against threats imposed by multi-tenancy, VM Theft and escape: In order to provide protection
at compute level holding VM’s with OS and apps, [5]CSP should keep track on the unused components
like NIC’s, HBA’s and disk drives employed in the architecture. As all these impose and act as an open
point of attack and result into vulnerable contact points to attackers. For providing security against VM
theft and escape one would restrict to limit the movement of VM’s working over a server and access to
[3]VMFS must be protected with some security algorithms. One would implement technique of VM
isolation and changing the default configuration of servers in order to prevent compromised guest OS
International Journal of New Innovations in Engineering and Technology
Volume 4 Issue 4 April 2016 130 ISSN : 2319-6319
affecting other VM’s on the server. Another solution to protect VM’s is to take backups of VM’s from time
to time and isolate the VM under attack automatically.
Protecting Hypervisor: Hypervisors act as single point of failures as attack on them would make all VM’s
working over it vulnerable to attack. If a hypervisor is not in use then it should be blocked for any time of
access in that configuration which would bring down the surface of attack.
Protection against Data Leakage: A firewall can be used dedicatedly for providing security to hypervisors
and VM’s running over it thereby restricting access to all admin interfaces by that firewall. Another use of
that firewall if to monitor VM to VM traffic making it works as a virtual firewall implemented over the
network level.
Protection against DDOS attack: Protection against such type of attacks is necessary as they consume too
many resources of the server over which it happens. So in order to prevent those attacks security policies
implemented over VM’s must be hardened and restricted access to VM’s must be provided, thereby
limiting the attack surface and it might be blocked in case the limit of access has been reached.
IV. CONCLUSION
Here in this paper, the process of transition from a classical to virtualized environment is discussed, thereby
presenting steps involved while moving to cloud based architecture. Secondly some security concerns emerging over
cloud based virtualized environment like employing multi-tenancy, ownership of data and information and other
privacy related issues of data placed over a cloud environment are also put stress upon. Then various emerging
upcoming threats faced in a cloud environment like VM theft and escape, security of hypervisors and DDOS attacks
are elaborated in a proper way. In the end some solutions to the above discussed security concerns and threats
emerging in coming cloud based models implemented by most of the IT organisations or businesses are presented.
REFERENCES
[1] Amit Wadhwa and Dr. V. K. Gupta, “Framework for User Authenticity and Access Control Security over Cloud”. International Journal on
Computer Science and Engineering (IJCSE), Vol 06, No. 04, April, 2014.
[2] Mhammed Chraibi, Hamid Harroud and Abdel. Maach, “Classification of Security Issues and Solutions in Cloud Environments”,
International conference based on Ad-hoc generalized Wireless Sensor and networks, by ACM, at Vienna, Austria, Dec, 2013.
[3] Gnanasundaram, somasundaram, and Shrivastava, Alok. Information Storage and Management.. USA: Wiley, 2013. Print.
[4] Mell, P. and Grance, T. “The NIST definition of cloud computing”. publishd inNIST Special Publication, 2011.
[5] Pardeep Sharma, Sandeep K. Sood, and Sumeet Kaur : “Security Issues in Cloud Computing” (Book review): Springer -Verlag Berlin
Heidelberg, pg. 3645, 2011.
[6] NIST, Guidelines on Security and Privacy in Public Cloud Computing, presented in 2011.
[7] J. Ru and J. Keung. An empirical investigation on the simulation of priority and shortest-job-first scheduling for cloud-based software
systems In Software Engineering Conference (ASWEC), 2013 22nd Australian, pages 7887. IEEE, 2013.
[8] (2010). Security Management in the Cloud. Available http://mscerts.net/programming/Security%20Management%20in%20t
he%20Cloud.aspx
[9] C. Almond, "A Practical Guide to Cloud Computing Security," 27 August 2009.
[10] S. Roschke, et aI., "Intrusion Detection in the Cloud," presented at the Eighth IEEE International Conference on Dependable, AutonomIc
and Secure Computing, Chengdu, China, 2009.
[11] Jinpeng Wei, Xiaolan Zhang, Glenn Ammons et.al., Managing Security of Virtual Machine Images in a Cloud Environment, ACM Cloud
Computing Security Workshop (CCSW’09).
[12] Meiko Jensen, Jörg Schwenk and Nils Gruschka, Technical Security Issues in Cloud Computing, IEEE International Conference on
Cloud Computing, Bangalore, India 9/2009.
... A state of computer "security" is the conceptual idea, attained by use of three processes: threat prevention, detection, and response [13]. These processes are based on various policies and system components, which include the following: ...
... By regularly updating your computer with patches and other software fixes, you block attackers from being able to take advantage of software flaws (vulnerabilities) that they could otherwise use to break into your system [13]. Taking advantage of "auto-update" features in your software is a great start toward keeping yourself safe online. ...
... Several types of security software are necessary for basic online security, that include firewall and antivirus programs [13]. Integrated security suites such as Norton Internet Security combine firewall, antivirus, antispyware with other features such as antispam and parental controls have become popular as they offer all the security software needed for online protection in a single package. ...
A Review on Cyber Crime- Major Threats and Solutions
Article
Full-text available
  • May 2017
  • IJACR
Crime is a common word that we always heard in this globalization era. Crimes refer to any violation of law or the commission of an act forbidden by law. Over the past two decades, cybercrime has become an increasingly widely debated topic across many walks of life. It’s clear that rapid growth of the internet has created unprecedented new opportunities for offending. It is defined as crimes committed on the internet using the computer as either a tool or a targeted victim. This paper presents the types of Cybercrime Activities, important issues on the Security, Prevention, and Detection of Cyber Crime.
View
... This problem was catered to in the previous approaches worked out. Implementing a fake server over the network to prevent attacks over cloud is a costly solution in terms of the resources required to make it feasible by CSP [10] (cloud service provider) [11,12]. So, this opens a channel for providing some low interaction and less resource requiring honey pots to be deployed over cloud [5]. ...
... Still there is need to discover more techniques as attackers in network are keep on mending different ways to bypass any sort of layer in an network to access restricted or confidential data of users. Many different techniques have been presented by researchers over the past like: (a) Digital Signature using SHA and AES For securing cloud users data a model working on this technique have been implemented in the past named as "MLBAAC" [4][5] [7], as per that in order to secure data over cloud a mix of both digital signature [13] [14] with SHA and AES cryptographic algorithms [10] could be used. Implementation for the model suggest that it provided a successful way as employing security using the approach requires sub security procedures implemented as multiple levels of security represented in form of single and multi brakers [5] [7] used to share different portions of the key required to access users data over cloud. ...
Security Approaches and Implementation for Data Protection over Cloud
Article
Full-text available
  • May 2019
In Cloud Computing domain data and its protection is a sensitive matter of concern as data is available with the third party cloud vendor. Over the years many algorithms have been proposed to cater to the problem of sensitive data and its protection and still solutions are coming in form of different approaches employed to find an effective solution to the problem. In earlier works related to this MLBAAC model has been presented catering to some of the issues of data security and sensitive data protection. This paper focuses on discussing and detailing the approaches used to handle the issue of data protection and specifically sensitive data protection of users over cloud. Further in addition to that, this paper discusses the actual implementation and design of the system used in MLBAAC[5][7] model for implementation of such approaches.
View
... Crossover is the process of taking two parent chromosomes and producing from them number of offspring's [34]. After the selection (reproduction) process, the population is filled with better individuals. ...
... RESULTS OF VARIOUS SELECTION TECHNIQUES FOR APPROPRIATE NO. OF ITERATIONS Here inTable 1above it's been shown that, how in different number of iterations the fitness values of different selection techniques changes and one of them finally reaches a maximum value, optimizing the function under processing[34] [33][29]. Along with this one line graph is also shown below to display a comparison of these three techniques based on the fitness values.Fig 7: Line graph showing comparison of different selection techniques The results can also be depicted using a bar graph showing the fitness values of various selection techniques, when applied for de Jong's function1 as shown in Fig 7 here. ...
Performance Analysis of Selection Schemes in Genetic Algorithm for Solving Optimization Problem Using De Jong's Function1
Article
Full-text available
  • May 2017
Genetic Algorithm (GA) is known to be a search algorithm based on idea of natural selection and survival of fittest [11]. The main idea behind the approach is, for a population of individuals adapting to some environment, they should behave naturally. Genetic Algorithm and other evolutionary algorithms are used over the years for finding solution to different emerging problems which could be better implemented and solved using approach of Genetic algorithm. Out of many such problems optimization problems are having their own importance and had a great scope for further research. There are different solutions given by different researchers for finding solutions to such optimization problems. This paper is about using De jong's function 1 adopted for finding a solution to an optimization problem and thereby comparing the performance of chosen selection schemes used in Genetic Algorithm
View
... Execution Time Analysis Using Digital Signature and SHA1 with SL and DL Division TechniquesFigure 6below shows the average of execution time required for both the division techniques for secret service access key distribution[14][16] after implementation of Digital Signature using SHA1 hashing technique. ...
Analysis of Multilevel Security based Service Access Control and Data Protection Approach for Cloud
Article
Full-text available
  • May 2020
Resolving security issues in cloud-based systems has been a focused area for research from quite some time. Many techniques and models have been proposed by researchers but still there is a scope for improvement in this regard. Issues like access control and authentication for accessing services has been a prime area of concern over the years. Over a cloud using or accessing various services securely is a major concern keeping in mind the malicious insider attack which might occur raising security concerns for Cloud Service Providers(CSP's). Apart from this, data security with a suitable mechanism for key exchange over cloud has also been a major concern for cloud practitioners. Here in this paper one such technique for service access key distribution acting as multilevel security technique, being made securely has been discussed and analyzed. System implementation is performed on a system modelled as cloud using a simulation tool CloudSim. The paper also covers implementation and analysis of a secure technique for data protection over cloud using digital signature and cryptography.
View
... encryption-decryption) or a combination of it with digital signature [11] for security of data over cloud. Along with this very few of them are focused towards protection of critical data files [13], [14] to be stored over cloud storage servers. So, here in our work the focus will be on proposing a technique or algorithm suitable for providing protection to critical data files to be stored over cloud storage servers. ...
Proposed Technique for Securing Critical Data Over Cloud
Article
Full-text available
  • May 2018
Cloud computing has emerged as a new computing platform where users are able to use services provided by cloud service providers on basis of pay per use model. The services can vary from using infrastructure and platform or software as a service. From the origination of Cloud Computing technology, the major concern for the users is to secure their data being stored over cloud storage servers. Although there are different cryptographic algorithms being implemented over cloud to secure user's data but still there are instances of unauthorized intrusions emerging over cloud platform. To tackle the situation of securing user's cloud based data or files a new approach is being proposed here in this paper. Further, this paper also focuses on securing cloud based data from malicious insider attacks with the help of the proposed technique.
View
Framework for User Authenticity and Access Control Security over a Cloud
Article
Full-text available
  • Apr 2014
Cloud computing has emerged as a computing paradigm bringing forward many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. Considering the user access control part, in recent years many new findings have been worked upon to provide better user access control while accessing services over a cloud. But the problem still remains unresolved and if resolved by some encryption/decryption methods are problematic in some way or the other. Here security issue related to user authentication and access control is addressed and given an insight into it, along with providing some valuable inputs which if implemented according to the plan proposed might come up with better solutions to user authentication and CSP’s critical data security issue. This paper mainly considers various points, like securing access to services of cloud users, protecting user credentials data files stored with CSP and other critical information related with CSP and cloud users.
View
Managing Security of Virtual Machine Images in a Cloud Environment
Conference Paper
Full-text available
  • Nov 2009
Cloud computing is revolutionizing how information technology resources and services are used and managed but the revolution comes with new security problems. Among these is the problem of securely managing the virtual-machine images that encapsulate each application of the cloud. These images must have high integrity because the initial state of every virtual machine in the cloud is determined by some image. However, as some of the enefits of the cloud depend on users employing images built by third parties, users must also be able to share images safely. This paper explains the new risks that face administrators and users (both image publishers and image retrievers) of a cloud's image repository. To address those risks, we propose an image management system that controls access to images, tracks the provenance of images, and provides users and administrators with efficient image filters and scanners that detect and repair security violations. Filters and scanners achieve efficiency by exploiting redundancy among images; an early implementation of the system shows that this approach scales better than a naive approach that treats each image independently.
View
On Technical Security Issues in Cloud Computing
Conference Paper
Full-text available
  • Jan 2009
The Cloud Computing concept offers dynamically scalable resources provisioned as a service over the Internet. Economic benefits are the main driver for the Cloud, since it promises the reduction of capital expenditure (CapEx) and operational expenditure (OpEx). In order for this to become reality, however, there are still some challenges to be solved. Amongst these are security and trust issues, since the user's data has to be released to the Cloud and thus leaves the protection-sphere of the data owner. Most of the discussions on this topics are mainly driven by arguments related to organizational means. This paper focuses on technical security issues arising from the usage of Cloud services and especially by the underlying technologies used to build these cross-domain Internet-connected collaborations.
View
Security Issues in Cloud Computing
Chapter
  • Jan 2011
The cloud is next generation platform that provides dynamic resource pooling, virtualization and high resource availability. It is one of today’s most enticing technology areas due to its advantages like cost efficiency and flexibility. There are significant or persistent concerns about the cloud computing those are impeding momentum and will compromise the vision of cloud computing as a new information technology procurement model. A general understanding of cloud computing refers to the concept of grid computing, utility computing, software as a service, storage in cloud and virtualization. It enables the virtual organization to share geographically distributed resources as they pursue common goals, assuming the absence of central location, omniscience and an existing trust relationship. This paper is a survey more specific to the different security issues that has emanated due to the nature of the service delivery models of a cloud computing system.
View
View
Classification of Security Issues and Solutions in Cloud Environments
Conference Paper
  • Dec 2013
Cloud computing is, nowadays, one of the most interesting topics in computer science. Also, in research, a lot of effort is concentrated on cloud computing security issues. In this paper, we classify different security issues into the different levels that exist in cloud environments. We also present different solutions to the security issues in the cloud according to the type of security they provide with. Privacy, integrity, accountability, and integrity are major topics that are raised when companies start considering the cloud as an alternative to having their IT internally managed. Therefore, it is important to have a broad view of the different security problems present in the cloud and the different solutions that researchers are working on.
View
An Empirical Investigation on the Simulation of Priority and Shortest-Job-First Scheduling for Cloud-Based Software Systems
Conference Paper
  • Jun 2013
Background: Given the dynamics in resource allocation schemes offered by cloud computing, effective scheduling algorithms are important to utilize these benefits. Aim: In this paper, we propose a scheduling algorithm integrated with task grouping, priority-aware and SJF (shortest-job-first) to reduce the waiting time and make span, as well as to maximize resource utilization. Method: Scheduling is responsible for allocating the tasks to the best suitable resources with consideration of some dynamic parameters, restrictions and demands, such as network restriction and resource processing capability as well as waiting time. The proposed scheduling algorithm is integrated with task grouping, prioritization of bandwidth awareness and SJF algorithm, which aims at reducing processing time, waiting time and overhead. In the experiment, tasks are generated using Gaussian distribution and resources are created using Random distribution as well as CloudSim framework is used to simulate the proposed algorithm under various conditions. Results are then compared with existing algorithms for evaluation. Results: In comparison with existing task grouping algorithms, results show that the proposed algorithm waiting time and processing time decreased significantly (over 30%). Conclusion: The proposed method effectively minimizes waiting time and processing time and reduces processing cost to achieve optimum resources utilization and minimum overhead, as well as to reduce influence of bandwidth bottleneck in communication.
View
View
Intrusion Detection in the Cloud
Conference Paper
  • Dec 2009
Intrusion detection systems (IDS) have been used widely to detect malicious behaviors in network communication and hosts. IDS management is an important capability for distributed IDS solutions, which makes it possible to integrate and handle different types of sensors or collect and synthesize alerts generated from multiple hosts located in the distributed environment. Facing new application scenarios in cloud computing, the IDS approaches yield several problems since the operator of the IDS should be the user, not the administrator of the cloud infrastructure. Extensibility, efficient management, and compatibility to virtualization-based context need to be introduced into many existing IDS implementations.Additionally, the cloud providers need to enable possibilities to deploy and configure IDS for the user. Within this paper, we summarize several requirements for deploying IDS in the cloud and propose an extensible IDS architecture for being easily used in a distributed cloud infrastructure.
View
A Practical Guide to Cloud Computing Security
  • Aug 2009
  • C Almond
C. Almond, "A Practical Guide to Cloud Computing Security," 27 August 2009.