Cloud Computing Infrastructure
- 4th Sep, 2020
- 15:08 PM
Presently cloud computing is developing at a fast pace. It is a recent technology with unlimited potential in areas like IT, military, transportation, home defense, entertainment, education, and smart spaces. Marinescu (2017) commented that it is a pay-as-you-go pricing model that acts as one of its fundamental advantages where customers only pay for the services used by them.
In recent years, thorough research has been done, and surveys have been carried out as cloud security, an area of active research. Various renowned authors have proposed various effective technologies for providing security in cloud data and information. In cloud computing, the most challenging research work that is going on is access control and data security, since many users outsource their data to the cloud providers. The methods for generating keys are to be chosen before choosing various encrypted technologies.
Amin et al. (2018) examine the basic problem faced in distributed computing of information security. By examining the HDFS structure, the author got necessary information on the security of distributed computing hence setting up a requirement for an information model for its computing. The author then assembles a security model for extracting information where the security structure is depicted by three levels, which include encryption, confirmation, and quick recuperation.
Kaur (2017) states the various issues faced by cloud computing in the security areas of the SPI Model. This author also identifies the key security vulnerabilities and challenges found in cloud computing areas by investigating the relationship between immediate dangers, key vulnerabilities, and countermeasures.
Singh et al. (2016) present a moderate server termed as Proxy server found between the customer profile framework and cloud servers, which sends sham information by hindering the interlopers and breaking their practices. As a result, the appeal which the interlopers found in the substitute servers won't change to central servers. Intrusion Detection System (IDS) helps diminish the effects of Denial of Service (Dos) or Distributed Denial of Service (DDoS) in the system.
1.1 Cloud Service Models
Markova et al. (2019) state that the cloud provides data storage and data accessibility on the internet instead of the hard drives in our computers. The type of services provided by a vendor to its customers depends on the number of resources exposed over the network. Most of the services which are provided by a cloud fall under one of the three categories which are as follows:
1.1.1 Software-as-a-Service (SaaS) - As commented by Daši? et al. (2016), customers use the cloud infrastructure and platforms with software applications provided by the vendors. The users have access to end-user applications via a web browser so that there is no need for maintaining and installing additional software. The software applications, operating systems, and computer hardware are typically maintained and controlled by the vendors, whereas application configurations are controlled and maintained by customers only. Examples include google docs, Gmail, Google, etc.
1.1.2 Platform-as-a-Service (PaaS): As commented by Bokhari (2016), the vendors' operating systems, service infrastructure, and server applications used by the customers are provided. For deploying user-made web applications, this model lets the customers use the cloud infrastructure of the vendors. Operating systems, computer hardware, and server applications are controlled and maintained by the vendors here, whereas only the software applications are controlled and maintained by the customers. Examples include: google app engine, force.com, etc.
1.1.3 Infrastructure-as-a-Service: As commented by Daši? et al. (2016), the hardware which consists of storage data, processing of CPU and connectivity of networks is provided by the vendor. By using visualization software, the vendor shares its hardware amongst multiple Cloud Service Customers (CSC). Customers are allowed to control the operating systems and software of their choice, but the computer hardware is typically controlled and maintained by the vendor. Examples include GoGrid, Rackspace Cloud, etc.
1.2 Cloud Deployment Models:
Diaby & Rad (2017) stated that the deployment model is yet another factor that changes the amount of exposure in a given cloud network. It refers to how the cloud network is structured. It consists of four main models:
1.2.1 Public Cloud: here, the vendor's cloud is used by a CSC by sharing publicly via the internet and various other CSCs.
1.2.2 Private Cloud: here, the cloud services are exclusively used by CSC, which in turn are located either in the CSC premises or off the site and also which are managed by CSC or CSP.
1.2.3 Community Cloud: here, several CSCs with the same security requirements are shared by a private cloud which attempts to get the maximum benefits in the security of a private cloud and maximum benefits in the economy of a public cloud.
1.2.4 Hybrid Cloud: it consists of any possible combination of the deployment mentioned above models.
Security Threats and Vulnerabilities of Cloud Computing:
Islam et al. (2016) stated that the different delivery cloud models used by the cloud users could vary according to the threats imposed on the assets residing in the cloud. The various types of challenges in security to which the computing of the cloud is vulnerable are categorized according to:
Cloud security threats related to confidentiality: This includes the following threats in terms of confidentiality:
- Threats from the insiders, which includes malicious cloud customer threats, malicious service providers of cloud, malicious third party user threats.
- Threats from external attackers, which include the attack on the cloud infrastructure by software, the cloud application is attacked by software, attacks on hardware against the cloud, and attacks on both against the user organization of the cloud and CSP engineering and cloud customer.
- Threats from leakage of data include failure of security rights through several domains and failure in physical and electronic systems in transportation.
Cloud security threats related to availability: This includes the following threats related to availability:
- Threats due to change in management include penetration impacting and testing cloud customers, infrastructure changes amongst the provider, the customer, and the third party.
- Threats due to service denial include denial of services in the distributed network, service denial by network DNS, service denial for application, and data.
Cloud security threats related to integrity: This includes the following threats related to integrity:
- Threats due to data segregation include incorrect security perimeters and incorrect virtual machine configurations.
- Threats due to user access, which includes poor procedures of identity and access management.
- Threats due to the quality of data, which includes the introduction of incomplete applications and components.
Security Countermeasures in Cloud Computing Environment:
- Communication issues countermeasures: For securing the network and communication, the guidelines provided by the CSA recommend the combined use of LANs, IDS, IPS, and also firewalls for protecting the transit data.
- Architecture security countermeasures: The security challenges faced by cloud computing are practically carried out by security assessment. The cloud architecture consists of different security components, namely Access Management, Security for Storage, etc., which help provide secure cloud computing.
- Amin, R., Kumar, N., Biswas, G. P., Iqbal, R., & Chang, V. (2018). A lightweight authentication protocol for IoT-enabled devices in distributed Cloud Computing environment. Future Generation Computer Systems, 78, 1005-1019.
- Daši?, P., Daši?, J., & Crvenkovi?, B. (2016). Service models for cloud computing: Search as a service (SaaS). International Journal of Engineering and Technology (IJET), 8(5), 2366-2373. Retrieved from: http://www.academia.edu/download/50310854/IJET16-08-05-034.pdf.
- Diaby, T., & Rad, B. B. (2017). Cloud computing: a review of the concepts and deployment models. International Journal of Information Technology and Computer Science, 9(6), 50-58.
- Islam, T., Manivannan, D., & Zeadally, S. (2016). Classification and characterization of security threats in cloud computing. Int. J. Next-Gener. Comput, 7(1), 268-285.
- Kaur, P. (2017). A simplified approach of the SPI Service Model in Cloud Computing. International Journal of Innovative Computer Science & Engineering, 4(5). Retrieved from:https://ijicse.in/index.php/ijicse/article/download/131/126.
- Marinescu, D. C. (2017). Cloud computing: theory and practice. Morgan Kaufmann. Retrieved from:http://www.dcs.bbk.ac.uk/~DELL/teaching/cc/book/cctp/cctp_ch2a.pdf.
- Markova, O., Semerikov, S., Striuk, A., Shalatska, H., Nechypurenko, P., & Tron, V. (2019). Implementation of cloud service models in training of future information technology specialists.