09-07-2013, 03:35 PM
Cloud computing & Intrusion Tolerance with SOA: A Survey
Cloud computing.doc (Size: 550.5 KB / Downloads: 24)
Abstract
Various emerging technologies have been developed to protect the systems against the intrusions made by un-authorized person or by an authorized person accessing unauthorized privilege. Cloud computing can be the best intrusion tolerant system when combined with SOA (service oriented architecture).semantic web can also be used as intrusion tolerant system with certain limitations.
Service oriented architecture when combined with cloud technology results in secure and robust system against intrusion, which gives data protection and is also responsible for defence in depth.
INTRODUCTION
History shows that attacks can never be completely prevented. It can only be avoided up to some extent. Thus the system is needed which has the multiple layers of defence. The evolution of information technology has enabled us to use different new technologies such as Cloud Computing, SOA and Semantic Webs. Cloud computing provide us with “on-click”computing power or the storage, and the SOA enables us to use the building blocks of the software as services. Whereas the semantic webs uses the automated processing agents to perform the task which needs human comprehension. Many researchers have been implementing various security mechanisms for providing defence in depth. Classical work of security has been classified into two main types as 1.Intrusion Prevention: Preventing or avoiding malicious attacks.
INTRUSION TOLERANCE SYSTEM
The main motivation of providing the Tolerant system is to maintain the properties of security as Confidentiality, Integrity and Authenticity.
The question arises how we can maintain Confidentiality, Integrity or Authenticity after being attacked. The Intrusion Tolerant system can still assume that the system is vulnerable despite of compromising some components of the system. The fault, error and failure of the system are correlated. Fault in the system occurs when it achieves a stage that is undesirable. When fault occurs it causes the error and when error propagates it causes the failure of the system. We can describe the this fault, error and failure Model for the system as follows,
SECURITY CONSTRAINTS
The cloud computing delivers the services on internet that is “on click” and dynamically loaded. But when it is delivered to user or consumer end to end security is not considered. The places where end user interaction is not considered may need some attention. The violation of privacy can be there with SOA accessing a cloud, thus with combined approach of these technologies it is easier to tolerate the intrusion that can likely to occur in the system. The combined approach can result in providing service-oriented security as everything is available as a service on demand. The mark-up language can be used to provide Information and Data security, authentication can also be provided with medadata. It is also possible to trust the system in terms of assurance.
CONCLUSION
The on demand availability of resources or services and the software building blocks of SOA, these features of SOA and cloud computing helps to design a system which is intrusion tolerant. The use of semantic webs as automated agents overcomes the human deficiency. This paper concludes how existing technologies when combined results in secured system and it can be easily implemented further with future trends.