1. The major security challenges to cloud computing
Inam ul Haq, Muhammad (January 2013)
Cloud computing is the computing model in which computing resources such as software, hardware and data are delivered as a service through a web browser or light-weight desktop machine over the internet (Wink, 2012). This computing model abolishes the necessity of sustaining the computer resources locally and hence cuts the cost of valuable resources (Moreno, Montero & Llorente, 2012). A distinctive cloud is affected by different security issues such as Temporary Denial of Service (TDOS) attacks, user identity theft, session hijacking issues and flashing attacks (Danish, 2011). The purpose of this study is to bridge the research gap between the cloud security measures and the existing security threats. An investigation into the existing cloud service models, security standards, currently adopted security measures and their degree of flawless protection has been done. The theoretical study helped in revealing the security issues and their solutions, whereas the empirical study facilitated in acknowledging the concerns of users and security analysts with regard to those solution strategies. The empirical methods used in this research were interviews and questionnaires to validate the theoretical findings and to grasp the innovativeness of practitioners dealing with cloud security. With the help of theoretical and empirical research, a two-factor mechanism is proposed that can rule out the possibility of flashing attacks from remote locations and can help in making the cloud components safer. The problem of junk traffic can be solved by configuring the routers to block junk data packets and extraneous queries at the cloud outer-border. This security measure is highly beneficial to cloud security because it offers a security mechanism at the outer boundary of a cloud.
It was evaluated that a DOS attack can become a huge dilemma if it affects the routers, and the effective isolation of router-to-router traffic will certainly diminish the threat of a DOS attack to routers. It is revealed that the data packets that require a session state on the cloud server should be treated separately and with extra security measures because the conventional security measures cannot perform an in-depth analysis of every data packet. This problem can be solved by setting an extra bit in the IP header of those packets that require a state and have a session. Although this change should be done at a universal level and would take time, it can provide a protocol-independent way to identify packets which require extra care. It will also assist firewalls to drop bits which are requesting a session state without a state-bit being set. The cloud security analysts should consider that the interface and authentication layer should not be merged into a single layer because it endangers the authentication system as the interface is already exposed to the world. The use of login-aiding devices along with secret keys can help in protecting the cloud users. Moreover, a new cloud service model “Dedicated cloud” is proposed in this research work to reinforce the cloud security. It was discovered that the optimal blend of HTTPS and SSL protocols can resolve the problem of session hijacks. The client interface area should be protected by HTTPS protocols and the secure cookies should be sent through an SSL link along with regular cookies. Disallowing multiple sessions and the use of trusted IP address lists will help even further. A reasonable amount of care has been paid to ensure clarity, validity and trustworthiness in the research work to present verifiable scientific knowledge in a more reader-friendly manner. These security guidelines will enhance the cloud security and make a cloud more responsive to security threats.
Program: Masterutbildning i Informatik
2. Architectures et mécanismes de fédération dans les environnements cloud computing et cloud networking / Architectures and federation mechanisms in cloud computing and cloud networking environments
Medhioub, Houssem (28 April 2015)
Presented in the literature as a new technology, Cloud Computing has become essential in the development and delivery of IT services. Given the innovative potential of Cloud, our thesis was conducted in the context of this promising technology. It was clear that the Cloud would change the way we develop, manage and use information systems. However, the adoption and popularization of Cloud were slow and difficult given the youth of the concepts and the heterogeneity of the existing solutions. This difficulty in adoption is reflected by the lack of standards, the presence of heterogeneous architectures and APIs, the Vendor Lock-In imposed by the market leaders and the lack of cloud federation principles and facilitators. The main motivation for our PhD is to simplify the adoption of the cloud paradigm and the migration to cloud environments and technologies. Our goal has consequently been to improve interoperability and enable federation in the cloud. The thesis focused on two main areas. The first concerns the convergence of future networks and clouds, and the second the improvement of federation and interoperability between heterogeneous cloud solutions and services. Based on our study of the state of the art in Cloud Computing and Cloud Networking, we defined in this thesis two architectures for Cloud federation. The first architecture enables the merging (convergence) of Cloud Computing and Cloud Networking. The second architecture addresses interoperability between services and proposes cloud-brokering solutions. The study enabled the identification of two essential components for cloud federation, namely a generic interface and a message exchange system. These two components have been two contributions of our thesis. The proposed federation architectures and these two components summarize the four major contributions of our work.