Cloud computing has been envisioned as the next-generation architecture of the IT enterprise. In contrast to traditional solutions, where IT services are under proper physical, logical, and personnel controls, cloud computing moves application software and databases to large data centers, where the management of the data and services may not be fully trustworthy. This unique attribute poses many new security challenges that are not yet well understood. In this article, we focus on cloud data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users' data in the cloud, we propose an effective and flexible distributed scheme with two salient features that its predecessors lack. By utilizing a homomorphic token with distributed verification of erasure-coded data, our scheme integrates storage correctness assurance with data error localization, i.e., the identification of the misbehaving server(s). Unlike most prior works, the new scheme further supports secure and efficient dynamic operations on data blocks, including update, delete, and append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attacks, and even server colluding attacks.
Current cloud system:
From the perspective of data security, which has always been an important aspect of quality of service, cloud computing inevitably poses new and challenging security threats, for a number of reasons.
Existing techniques for verifying storage correctness, while useful because they do not require users to possess the data themselves, cannot address all the security threats in cloud data storage, since they all focus on a single-server scenario and most of them do not consider dynamic data operations. As a complementary approach, researchers have also proposed distributed protocols for ensuring storage correctness across multiple servers or peers. Again, none of these distributed schemes is aware of dynamic data operations. As a result, their applicability to cloud data storage can be drastically limited.
- Broad network access
- Resource pooling
- Rapid elasticity
- Measured service
- On-demand self-service
Why is cloud security considered hard?
Cloud security is considered challenging largely because of the lack of full control over the environment. A cloud environment is a giant shared resource pool, which reduces an organization's ability to verify the efficacy of its own security controls whenever it adds a cloud-based server to its workflow.
System Architecture:
Cloud's best friend: virtualization
Virtualization runs multiple operating systems together on a single piece of hardware. We can run Windows and Linux simultaneously in a single box without having to worry about much.
Ring architecture in cloud
User applications have very limited privileges; privileged tasks are performed by operating-system code. In this architecture the OS and the CPU work together to enforce the privilege levels.
The privilege levels run from 0 to 3, where 0 is the most privileged and 3 the least privileged. Three important resources are protected this way: memory, I/O ports, and the ability to run machine-level instructions. If a user program wants to open a file, transfer data over the network, or allocate memory, it has to ask the kernel for permission, which is why the kernel has full control over the program.
Hardware virtualization
The x86 architecture, on which x86-based operating systems run, is an instruction set architecture developed by Intel Corporation that defines how a processor handles and executes different instructions.
Enterprise virtualization with oVirt
oVirt is an open-source virtualization management platform founded by Red Hat as a community project. Virtualization is genuinely one of the fundamental parts of cloud environments.
There are four main components of virtualization software used for large-scale applications.
Virtualization engine: the virtualization engine is responsible for deployment and monitoring, starting and stopping virtual machines, creating virtual machines, and configuration relating to storage, networking, and much more.
Risk assessment in cloud
The European Union Agency for Network and Information Security (ENISA) has designed a framework for organizations that plan to evaluate the risks related to cloud computing technology.
The various points set out in the ENISA framework help an organization evaluate and select appropriate cloud providers.
Service level agreement
A service level agreement (SLA) is made between a service provider and a client, and it defines the level of service expected from the service provider.
Service providers include clauses such as "beyond our control" so that they do not have to compensate for disasters or events outside their control. An SLA also contains a term called indemnification. As an example, an ISP may offer its customers an SLA of 99.9995% uptime.
An SLA has four major aspects:
- Availability
- Performance / maximum response time
- Mean time between failures (MTBF)
- Mean time to repair (MTTR)
| Cloud provider  | Service level agreement |
|-----------------|-------------------------|
| Amazon EC2      | 99.98%                  |
| Rackspace       | 100%                    |
| Microsoft Azure | 99.95%                  |
| Linode          | 99.99%                  |
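The aspects above are tied together by a little arithmetic: an availability percentage fixes how many minutes of downtime a provider may incur per year, and a server's measured MTBF and MTTR give the availability it actually delivers. The following is an added example, not code from the original post; the provider percentages are the ones from the table above, and the MTBF/MTTR figures are constructed sample values.

```python
"""Worked SLA arithmetic (added example, not part of the original post)."""

MINUTES_PER_YEAR = 365 * 24 * 60  # non-leap year

# Availability promised in the SLA table above (percent).
SLA_TABLE = {
    "Amazon EC2": 99.98,
    "Rackspace": 100.0,
    "Microsoft Azure": 99.95,
    "Linode": 99.99,
}


def downtime_budget_minutes(availability_pct: float) -> float:
    """Maximum downtime per year (minutes) allowed by an availability SLA."""
    if not 0.0 <= availability_pct <= 100.0:
        raise ValueError("availability must be a percentage between 0 and 100")
    return (100.0 - availability_pct) / 100.0 * MINUTES_PER_YEAR


def availability_from_mtbf_mttr(mtbf_hours: float, mttr_hours: float) -> float:
    """Steady-state availability (percent) from mean time between failures and
    mean time to repair: the fraction of each failure/repair cycle spent up."""
    if mtbf_hours <= 0 or mttr_hours < 0:
        raise ValueError("MTBF must be positive and MTTR non-negative")
    return mtbf_hours / (mtbf_hours + mttr_hours) * 100.0


def meets_sla(mtbf_hours: float, mttr_hours: float, sla_pct: float) -> bool:
    """True if the measured MTBF/MTTR deliver at least the SLA availability."""
    return availability_from_mtbf_mttr(mtbf_hours, mttr_hours) >= sla_pct


if __name__ == "__main__":
    for provider, pct in SLA_TABLE.items():
        budget = downtime_budget_minutes(pct)
        print(f"{provider:16s} {pct:7.2f}%  -> {budget:8.2f} min/year")
    # Constructed sample: one failure every 2000 hours, one hour to repair.
    observed = availability_from_mtbf_mttr(2000.0, 1.0)
    print(f"measured availability: {observed:.4f}%")
    for provider, pct in SLA_TABLE.items():
        print(f"  meets {provider} SLA: {meets_sla(2000.0, 1.0, pct)}")
```

Note that 99.9995% uptime, the ISP figure quoted above, leaves a budget of only about 2.6 minutes per year, so an SLA percentage is only meaningful alongside the MTTR the provider can actually achieve.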
For more of the latest courses and topics, visit our website: www.skillbakery.com