20-07-2012, 12:03 PM
VIRTUALIZATION-LEVEL SECURITY IN CLOUD COMPUTING
ABSTRACT
Cloud computing is one of today's most exciting technologies because of its cost reduction, flexibility, and scalability. With the rapid growth of cloud computing technology, data security is becoming more and more important.
In evaluating whether to move to cloud computing, it is important to compare its benefits with its risks. Security and other existing issues in the cloud mean that cloud clients need more time to think about moving to cloud environments. Security-related topics are among the most debated issues in cloud computing, which has caused several enterprises to view this technology with uncertainty and to move toward it warily.
In this paper I summarize cloud computing RAS (Reliability, Availability, and Security) issues and clarify the available solutions for some of them. I also try to summarize the virtualization level of cloud computing security in detail.
1. INTRODUCTION
Cloud computing is a network-based environment that focuses on sharing computations and resources. Basically, clouds are Internet-based and try to hide complexity from the client.
Cloud providers use virtualization technologies combined with self-service capabilities to offer computing resources over network infrastructure, especially the Internet. In cloud environments, multiple virtual machines (VMs) are hosted on the same physical server as infrastructure. In the cloud, customers only have to pay for what they use.
Cloud computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the datacenters that provide those services.
2. VIRTUALIZATION COMPONENTS
Virtualization is one of the most important elements that make up cloud computing. It is a technology that helps IT organizations optimize their application performance in a cost-effective manner, but it can also present its share of application delivery challenges that cause some security risks.
Most of the current interest in virtualization revolves around virtual servers, in part because virtualizing servers can result in significant cost savings. The term VM refers to a software computer that, like a physical computer, runs an operating system and applications.
An operating system on a VM is called a guest operating system. A layer called a VM monitor or manager (VMM) creates and controls the VM's other virtual subsystems (see Figure 1).
A. HYPERVISOR
A hypervisor is one of many virtualization techniques that allow multiple operating systems, termed guests, to run concurrently on a host computer, a feature called hardware virtualization. It is so named because it is conceptually one level higher than a supervisor. The hypervisor presents a virtual operating platform to the guest operating systems and monitors their execution.
Multiple instances of a variety of operating systems may share the virtualized hardware resources. Generally, a hypervisor is installed on server hardware whose only task is to run guest operating systems (see Figure 3).
3. VIRTUALIZATION APPROACHES
In traditional environments, which consist of several physical servers connected by a physical switch, IT organizations can get detailed management information from the physical switch about the traffic transmitted between the servers. Unfortunately, that level of management information is typically not provided by a virtual switch (the virtual switch has links from the physical switch, via the physical NIC, that attach to VMs).
The result is a lack of visibility into the traffic flows between and among the VMs on the same physical level, which impacts security performance. There are several common approaches to virtualization, which differ in how they exercise control over the VMs.
A. OPERATING SYSTEM BASED VIRTUALIZATION
In this approach (Figure 1), virtualization is enabled by a hosting operating system that supports multiple isolated and virtualized guest OSes on a single physical server, with the characteristic that all of them run on the same operating system kernel, which has exclusive control over the hardware infrastructure. The hosting operating system has visibility and control over the VMs. This approach is simple, but it has vulnerabilities. For example, an attacker can inject kernel scripts into the hosting operating system, and this can force all guest OSes to run on this kernel. The result is that the attacker has control over all VMs that exist or will be established in the future.
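
Because one kernel serves every guest in this approach, code loaded into the hosting kernel is the event a defender most needs to see. The following is an added example, not part of the original paper, that reviews host audit records for kernel module loads outside an expected baseline. It assumes a 64-bit Linux hosting OS whose auditd records `init_module`/`finit_module` syscalls and emits `KERN_MODULE` records; the baseline module list and all log lines are constructed for illustration.

```python
import re

# x86_64 syscall numbers for loading kernel code (assumption: 64-bit Linux host).
MODULE_LOAD_SYSCALLS = {"175": "init_module", "313": "finit_module"}
# Hypothetical baseline of modules the hosting OS is expected to load.
BASELINE_MODULES = {"veth", "bridge", "overlay"}

# Constructed auditd records, not taken from a real system.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1342785780.101:501): arch=c000003e syscall=313 success=yes exit=0 auid=0 uid=0 comm="modprobe" exe="/usr/sbin/modprobe"
type=KERN_MODULE msg=audit(1342785780.101:501): name="bridge"
type=SYSCALL msg=audit(1342785791.442:517): arch=c000003e syscall=175 success=yes exit=0 auid=1001 uid=0 comm="insmod" exe="/usr/sbin/insmod"
type=KERN_MODULE msg=audit(1342785791.442:517): name="extmod_x"
type=SYSCALL msg=audit(1342785799.010:530): arch=c000003e syscall=313 success=no exit=-1 auid=1002 uid=1002 comm="modprobe" exe="/usr/sbin/modprobe"
type=SYSCALL msg=audit(1342785802.900:544): arch=c000003e syscall=59 success=yes exit=0 auid=1001 uid=0 comm="ls" exe="/usr/bin/ls"
'''

RECORD = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(log_text):
    """Group audit records by event serial so SYSCALL and KERN_MODULE records join."""
    events = {}
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # tolerate blank or truncated lines
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        events.setdefault(serial, {"time": float(ts)})[rtype] = fields
    return events

def unexpected_module_loads(log_text, baseline=BASELINE_MODULES):
    """Return successful kernel-module loads whose module is outside the baseline."""
    findings = []
    for serial, ev in sorted(parse_events(log_text).items(), key=lambda kv: int(kv[0])):
        sc = ev.get("SYSCALL", {})
        if sc.get("syscall") not in MODULE_LOAD_SYSCALLS or sc.get("success") != "yes":
            continue
        module = ev.get("KERN_MODULE", {}).get("name", "<unknown>")
        if module not in baseline:
            findings.append({"event": serial, "module": module, "exe": sc.get("exe"),
                             "auid": sc.get("auid"), "syscall": MODULE_LOAD_SYSCALLS[sc["syscall"]]})
    return findings

if __name__ == "__main__":
    for f in unexpected_module_loads(SAMPLE_LOG):
        print(f)
```

A load with no accompanying `KERN_MODULE` record is reported with module `<unknown>` rather than skipped, so a missing name never hides an event.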