Research Survey

Document Sample
Research Survey Powered By Docstoc
					Research
Survey
Security:
Cloud Computing

Laquata Sumter
Contents
Abstract ...........................................................................................................................................3

1. INTRODUCTION ......................................................................................................................3

   1.1        Background ......................................................................................................................3

   1.2        Opportunities for Advancement .....................................................................................6

   1.3        Rationale for Research Area Selection ..........................................................................6

2. RELATED WORK....................................................................................................................7

   2.1        Towards Trusted Cloud Computing ...............................................................................7

   2.2        CloudViews .....................................................................................................................8

   2.3        Trading Storage for computation....................................................................................8

   2.4        Private Virtual Infrastructure ..........................................................................................9

3. Proposed Work ..........................................................................................................................9

   3.1        Problem Statement ..........................................................................................................9

   3.2       Contribution of this Work ................................................................................................9

   3.3. Research Approach.........................................................................................................10

   3.4 Evaluation Methodology ....................................................................................................10

REFERENCES CITED ................................................................................................................11
Abstract
With the rise of the era of “Cloud Computing”, “Internet Security” continues to rise with it.

How will customers of the “cloud” know that there information will be available, as well as

secure and safe? NC State Secure Open Systems Initiative [ 27] involves watermarking of the

images and data to ensure verifiable integrity.


To address this problem we propose the design of a system that will capture the movement of

information on the cloud. We will identify the need for a capture device on the cloud. Using

this capture tool will allow user to know that their information is secure and safe from threats

and attacks.


1. INTRODUCTION

1.1    Background
There are various types of computing that came to the development of Cloud Computing. In
the early 1990’s Grid Computing was known as the peer-to-peer networking; allowing super
and virtual computers to form a network to perform very large tasks.[12] Following Grid
Computing, in 1961 the idea of Utility Computing started. The idea died for a couple of
years then resurfaced in 1998 by Hewlett Packard. Utility Computing is also known as an on
demand service, were customers access computers in a data center via private lines or over
the internet.[25] The title came from how the service is a metered service similar to a
traditional public utility, such as electricity. Users pay for their time based on the CPU
seconds, minutes, and hours. Some say that Utility Computing evolved into “Cloud
Computing”.[25] The Autonomic Computing is another term that came about before “Cloud
Computing” surfaced. Computer systems and networks that configure themselves to
changing conditions and are self healing in their event of failure [18] are known as
Autonomic Computing. This service requires little to no human interaction with the system.
SaaS(Software-As-A-Service ) is a service that allows software to be rented rather than
purchased.[18] Providers license an application to the customers for use as a service on
demand. The customers have a contracted amount of time that they are able to use the
software. After the contracted time has expired, the customer has the choice to renew the
contract or no longer use the licensed software.


The term “Cloud” of Cloud Computing represents the internet. The Cloud is the
communications network or a network combined with computing infrastructure.[7] Often in
networking diagrams the cloud represents a communications network without specific details
of it architecture. See Figure 1.




Figure 1



It is often said that the word “cloud” in Cloud Computing is being borrowed from Telecom
Cloud. Telephone companies offered companies Virtual Private Networks (VPNs) service
for data communications to their servers. Cloud Computing is using web server facilities of a
third party provider on the internet to store, deploy, and run applications.[7] Some experts
see Cloud Computing as a service, a platform, and even an operating system.


Cloud Computing started back in the 1960’s when J.C.R. Licklider introduced the
“Intergalactic Computer Network”. This was said to be the beginning of the internet. Many
say that the cloud concept was introduced by Computer Scientist John McCarthy, who
proposed the idea of computation being delivered as a public utility.[18] But, Salesforce.com
in 1999 was the first to deliver the use of applications via a simple website. In the early
2000’s companies such as Microsoft, IBM, and Amazon started extending Cloud Computing
services. Microsoft started by using SaaS through web services. Amazon launched the big
development of Amazon Mechanical Turk, which provided users with access to an on
demand workforce. In 2006, Amazon made the launch of the Elastic Compute Cloud (EC2)
as a commercial web service that allows small companies and individuals to rent computers
on which the run their own applications.[18] Google & IBM started research on Cloud
Computing by using research institutes such as Carnegie Mellon, Stanford University,
Berkeley, the University of Maryland, the University of Washington, and Massachusetts
Institute of Technology.[15] These institutions allowed the companies to build large data
centers that students could tap into over the internet to program and research remotely.[16]
Now, the big evolution was the launch of Web 2.0 in 2009, which allows users to us services
such as Google apps and docs allowing them to us browser based enterprise applications.
Recently, the government has launched an initiative to pilot Cloud Computing projects in the
fiscal year 2010. It is said that this initiative is to make it simple for agencies to procure the
applications they need. The question was asked by an employee of the Nasa’s Ames
Research Center, “Why should the government pay for the building infrastructure that may
be available for free?”.[9] With the brand new Apps.gov website, the Obama administration
has already started a move to the cloud computing initiative. See Figure 2.




Figure 2
1.2    Opportunities for Advancement
Cloud Computing by many seem to be the next era of the internet. Many see it as the take
over for the desktop, but before that can happen a couple of issues have to be addressed, such
as security, dominating of companies and legal issues.

The security of Cloud Computing has even been raised by the federal government. The
Federal Trade Commission Office is looking to halt "unfair or deceptive acts or practices,
"meaning that if cloud computing is not unfair or deceptive, the FTC would likely not have
jurisdiction.[9] The FTC question if information being stored flowing across the border will
be accessible being that it has change jurisdiction. In March 2009 EPIC asked FTC to put a
halt on Gmail, Google Docs, Google Calendar and the company’s other Web apps until the
government approved.[9]

Many are concerned that the information being stored on the servers of Cloud Computing
providing is safe from hacking, data breaches and viruses. Several companies have been
victims of data breach. For example, Google recently had to apologize for when its Gmail
service collapsed in Europe.[3] With the continued warm use of the World Wide Web, it is
becoming more attractive to cyber cooks. Companies have to realize the risk of their users’
information being threatened and conduct more research on the security of Cloud
Computing.

Companies try to dominate the cloud by increasing the competition. Just like right now
current computer companies are in competition trying to produce the best computer to
computer users. Cloud Computing companies are trying to provide the best cloud service to
users. To help their services Amazon has started renting out of cloud-based computing
capacity. Some companies are trying to offer a larger amount of space for a cheaper cost. The
question is how do you chose which service is the best for your company?

1.3    Rationale for Research Area Selection
Often advance web customers ask if there is a way to save their information and be able to
retrieve it where ever they are without having to use their laptop or pc. This brought about a
great interest to me. With doing research to address the issues of my customers I found Cloud
Computing to be one of the hot topics of the web today.

Cloud Computing is an interesting topic because it seems to be the new era of the World
Wide Web. With the world becoming a more technical world, Cloud Computing is going to
assist with that. Also, it is going to help with go green initiative in the world. Cloud
Computing could be used as a service or as a platform. The only drawback that I see with
Cloud Computing is that it needs an internet connection, but that is not going to be too much
of a problem as the world continue expand on the HotSpots in areas.


2. RELATED WORK
With Cloud Computing being a fairly new term to the internet world there are still a lot of
questions about what some many call common issues for world of internet. In the following
subsections, more details are given about some of these questions such as security and cost.
These are currently the top research project being conducted.

2.1    Towards Trusted Cloud Computing
The Max Planck Institute for Software Systems designed the Trusted Cloud Computing
Platform (TCCP). TCCP enables Infrastructure as a Service (IaaS) providers such as Amazon
EC2 to provide a closed box execution environment that guarantees confidential execution of
guest virtual machines.[22]

The main focus of this research is to allow users to see that their information/data isn’t being
tampered with. Infrastructure as a Service is on the lower layers of services that cloud
providers offer. Companies like Amazon and GoGrid allow their customers to have access to
entire Virtual Machines hosted by the provider. Confidentiality of computation is difficult to
guarantee as you go up the layers of services that cloud providers offer. In this research the
researchers stay on the lower layer because it was more manageable. A lot of this research
was based on Eucalyptus, an open source IaaS platform similar to Amazon EC2.

The TCCP includes two components: a trusted virtual machine monitor (TVMM) and a
trusted coordinator (TC). The TVMM protects its own integrity over time, and complies with
the TCCP protocols. The TC manages the set of nodes that can run a customer’s VM
securely. We call these nodes trusted nodes. To be trusted, a node must be located within the
security perimeter, and run the TVMM.[22] To secure the VMs, each TVMM running at
each node cooperates with the TC in order to 1) confine the execution of a VM to a trusted
node, and to 2) protect the VM state against inspection or modification when it is in transit on
the network. The critical moments that require such protections are the operations to launch,
and migrate VMs. [22]

2.2    CloudViews
Security is a main concern with cloud computing. The question posed by many is, “if their
information is being shared by anyone else on the same cloud resource”.

The University of Washington started research to create CloudViews it is a Hadoop HBase
supported common storage system to facilitate collaboration through protected inter-service.
In order to present this Web service researchers construct a model containing seamless Web
services living inside the cloud’s ecosystem.[11]

2.3    Trading Storage for computation
One thing that companies are looking for when they are choosing their Cloud Computing
service provider is the best service for the cheapest cost. The University of California, Santa,
NetApp and Pergamim Systems are working to find out if trade-offs between storing data,
even data that may not be used often, will cut back on the cost of saving data. [5]

Researchers start their research by first understanding the conditions that make
recomputation possible. Secondly, they conduct a Cost Analysis Model to choose the most
efficient strategy for dealing with computed results. Next, they performed a search of
companies to see who would be willing to trade-off data for computation. Provenance Aware
Storage Systems (PASS) a company that knows how data is generated, provided a number of
low level facilities needed to trade computation for storage space. Companies like this can
provide a lot of support for analyzing the feasibility and cost of re-computation.

Researchers have come to the conclusion that computation can be used in the place of
storage. [5]
2.4    Private Virtual Infrastructure
Researcher John Krautheim from the University of Maryland, Baltimore County is also
addressing the security and confidentiality concern that many have about Cloud Computing.

Krautheim designed the Private Virtual Infrastructure cloud security so that users would have
security over their information and the providers would have security over the fabric of the
server. The level of agreement between the user and the provider is very important, because
they are providing the responsibilities of all parties. To monitor the security of both parties
Krautheim created LoBots.[5] This serve provides a continued monitoring of the cloud
environment and communicates to the PVI factory having them aware of special situations.
(PVI) With this service Krautheim hopes to increase security while lowering the overall cost
of ownership for IT infrastructure.


3. Proposed Work

3.1    Problem Statement
As the world of the “Cloud” become more popular, “Cloud” security is also on the
rise. There has been a rise on the awareness of security for Web 2.0 technologies such
as social networks, instant messaging wikis, blogs, RSS, widgets, and gadgets. Questions
come to mind like, “is the cloud computing a security threat to users & their
information”, and “how will the customers be able to know that their information is secure”
and “what are the standards and the metrics we will use to define security in a web 2.0
world”. To solve the above questions, we will design a “Cloud Security Capture
Application”.

3.2     Contribution of this Work
With “Cloud” security as one of the important factors of Cloud Computing, it is important to
be able to show users that their information is secure. To effectively address and prevent
security breaches requires a continuous monitoring system. The “Cloud Security Capture
Application” will allow users access to monitor their information on the server and also
assure them that it is not being tampered with. When this application is in operation it will
minimize the question of whether or not the information is secure.

Some may say that this application is not needed do to the usage of security limits on the
servers which prevent hackers from entering the system. But, just a banks use security guards
they still us security cameras to capture all activities should a break-in occur. The capturing
device not only shows the users their information is safe, it also can be used to help
investigators solve problems of information breaches, should it take place.

3.3.   Research Approach
In order for “Cloud Security Capture Application” to function properly there has to be couple
of steps used to design the application. First, there has to be sequences of test perform to
understand what security issues are related to “Cloud Computing” and the data holding
servers. We next have to understand the usage of applications used to access the “Cloud”.
Following that we have to design a flow chart layout of what the application will capture.
Next, the research of privacy acts has to be done. We have to know the limits that we have on
accessing the users’ information that is stored on the server. Finally, the design and the
requirements of the application have to be documented.

3.4    Evaluation Methodology
To prove that this application is has minimized the problems concerning the “Cloud”
security, we will first test the application on a offline server; then move the application to an
online server and try to breach the information off of the server. Following those actions, we
will allow students to use the application and set up a mock breach of information trial. The
will then allow users to view the logs of the activity that has been performed on the server.
This test will not be completed in a short amount of time. There has to be a number of test
ran to prove that the application will not allow the information of users to be breach and it
will also capture the images of activity on the server.
REFERENCES CITED
     1. Adams, I., Long, D., & Miller, E. (n.d.). Maximizing Efficiency by Trading
        Storage for Computation. Retrieved October 15, 2009, from Hot Cloud 09:
        http://www.usenix.org/events/hotcloud09/tech/full_papers/adams/adams.pdf

     2. Amazon Elastic Compute Cloud (Amazon EC2). (n.d.). Retrieved September
        29, 2009, from Amazon Inc: http://aws.amazon.com/ec2

     3. Binnings, D. (2009, April 24). Top five cloud computing security issues.
        Retrieved October 16, 2009, from ComputerWeekly:
        http://www.computerweekly.com/Articles/ArticlePage.aspx?ArticleID=23578
        2&PrinterFriendly=true

     4. Brodkin, J. (2008, July 02). Gartner: Seven cloud-computing security risks.
        Retrieved October 14, 2009, from InfoWorld:
        http://www.infoworld.com/d/security-central/gartner-seven-cloud-computing-
        security-risks-853

     5. Brown, B. (2009, 06 10). 5 Cool Cloud Computing Research Projects.
        Retrieved 09 2, 2009, from NETWORKWORLD:
        http://www.networkworld.com/news/2009/061009-cloud-computing-research-
        projects.html?page=2

     6. Chandra, A., & Weissman, J. (n.d.). Nebulas: Using Distributed Voluntray
        Resorces to Build Clouds. Retrieved October 14, 2009, from Hot Cloud:
        www.usenix.org/event/hotcloud09/tech/full_papers/chandra.pdf

     7. Cloud. (n.d.). Retrieved October 14, 2009, from TechEncyclopedia:
        http://www.techweb.com/encyclopedia?term=cloud&x=0&y=0

     8. Cloud Computing. (n.d.). Retrieved October 14, 2009, from
        TechEncyclopedia:
        http://www.techweb.com/encyclopedia?term=Cloud+Computing&x=0&y=0

     9. Condon, S. (2009, March 17). FTC questions cloud-computing security.
        Retrieved 16 October, 2009, from Cnet News: http://news.cnet.com/8301-
        13578_3-10198577-38.html

     10. Dell Cloud Computing Solutions. (n.d.). Retrieved September 30, 2009, from
         Dell Solutions: http://www.dell.com/cloudcomputing

     11. Geambasu, R., Gribble, S., Levy, H., & Washington, U. o. (n.d.). CloudViews:
         Communal Data Sharing in Public Clouds. Retrieved October 15, 2009, from
   Hot Cloud 09:
   http://www.usenix.org/events/hotcloud09/tech/full_papers/geambasu.pdf

12. Grid Computing. (n.d.). Retrieved October 14, 2009, from TechEncyclopedia:
    http://www.techweb.com/encyclopedia?term=grid%20computing

13. Gruman, G., & Knorr, E. (2008, April 07). What cloud computing really
    means | Cloud Computing. Retrieved October 14, 2009, from InfoWorld:
    http://www.infoworld.com/d/cloud-computing/what-cloud-computing-really-
    means-031

14. Jones, T. M. (2008). Cloud Computing with Linux from IBM.
    DeveloperWorks .

15. Lohr, S. (2007, October 8). Google and I.B.M. Join in ‘Cloud Computing’
    Research. Retrieved October 14, 2009, from The New York Times:
    http://www.nytimes.com/2007/10/08/technology/08cloud.html?_r=2&ex=134
    9496000&en=92627f0f65ea0d75&ei=5090&partner=rssuserland&emc=rss&o
    ref=slogin

16. Lohr, S. (2008, July 29). The Virtuous Competition in Cloud Computing
    Research - Bits Blog. Retrieved 15 October, 2009, from The New York
    Times: http://bits.blogs.nytimes.com/2008/07/29/the-virtuous-competition-in-
    cloud-computing-research/

17. Miller, R. (2008, March 25). What's In A Name? Utility vs. Cloud vs. Grid.
    Retrieved September 29, 2009, from Data Center Knowledge:
    http://www.datacenterknowledge.com/archives/2008/03/25/whats-in-a-name-
    utility-vs-cloud-vs-grid/

18. Mohamed, A. (2009, March 27). A History of Cloud Computing. Retrieved
    October 15, 2009, from ComputerWeekly:
    http://www.computerweekly.com/Articles/2009/03/27/235429/a-history-of-
    cloud-computing.htm

19. Mohamed, A. (2009, January 20). Security trends for 2009. Retrieved October
    16, 2009, from ComputerWeekly:
    http://www.computerweekly.com/Articles/ArticlePage.aspx?ArticleID=23431
    6&PrinterFriendly=true

20. Nations, D. (n.d.). What is Cloud Computing? Examining and Defining Cloud
    Computing. Retrieved October 16, 2009, from About.com:
    http://webtrends.about.com/od/enterprise20/a/cloud-computing.htm
21. Nurmi, D., Wolski, R., Grzegorcyzk, C., Obertelli, G., Soman, S., Youseff, L.,
    et al. (2008). Eucalyptus: A Technical Report on an Elastic Utility Computing
    Archeitecture Linking Your Programs to Useful Systems. UCSB Computer
    Science .

22. Santos, N., Gummadi, K., & Rodrigues, R. (n.d.). Towards Trusted Cloud
    Computing. Retrieved October 15, 2009, from Hot Cloud 09:
    http://www.usenix.org/events/hotcloud09/tech/full_papers/santos.pdf

23. Schneider, L. (n.d.). What is Cloud Computing? Retrieved 09 16, 2009, from
    About.com:
    http://jobsearchtech.about.com/od/historyoftechindustry/a/cloud_computing.ht
    m

24. The Top Cloud Computing Solutions people are looking for in 2009– Survey
    by onCloudComputing.com. (2009, July 6). Retrieved September 28, 2009,
    from onCloud Computing:
    http://www.oncloudcomputing.com/en/2009/07/the-top-cloud-computing-
    solutions-people-are-looking-for-in-2009%E2%80%93-survey-by-
    oncloudcomputingcom/

25. Utility Computing. (n.d.). Retrieved October 14, 2009, from
    TechEncyclopedia:
    http://www.techweb.com/encyclopedia?term=Utility+Computing&x=25&y=1
    1

26. Wood, M. (2009, March 24). Basics of Cloud Computing. Retrieved October
    14, 2009, from Gantthead:
    http://www.gantthead.com/content/articles/248270.cfm

27. Secure Open Systems Initiative. (n.d.). Retrieved November 17, 2009, from
    www.sosi.ncsu.edu