Refine
Document Type
- Article (reviewed) (1)
- Conference Proceeding (1)
- Master's Thesis (1)
Conference Type
- Konferenzartikel (1)
Language
- English (3)
Keywords
- Cloud Computing (3) (remove)
Institute
Open Access
- Closed Access (3) (remove)
Cloud computing is a combination of technologies, including grid computing and distributed computing, that use the Internet as a network for service delivery. Organizations can select the price and service models that best accommodate their demands and financial restrictions. Cloud service providers choose the pricing model for their cloud services, taking the size, usage, user, infrastructure, and service size into account. Thus, cloud computing’s economic and business advantages are driving firms to shift more applications to the cloud, boosting future development. It enlarges the possibilities of current IT systems.
Over the past several years, the ”cloud computing” industry has exploded in popularity, going from a promising business concept to one of the fastest expanding areas of the IT sector. Most enterprises are hosting or installing web services in a cloud architecture for management simplicity and improved availability. Virtual environments are applied to accomplish multi-tenancy in the cloud. A vulnerability in a cloud computing environment poses a direct threat to the users’ privacy and security. In our digital age, the user has many identities. At all levels, access rights and digital identities must be regulated and controlled.
Identity and access management(IAM) are the process of managing identities and regulating access privileges. It is considered as a front-line soldier of IT security. It is the goal of identity and access management systems to protect an organization’s assets by limiting access to just those who need it and in the appropriate cases. It is required for all businesses with thousands of users and is the best practice for ensuring user access control. It identifies, authenticates, and authorizes people to access an organization’s resources. This, in turn, enhances access management efficiency. Authentication, authorization, data protection, and accountability are just a few of the areas in which cloud-based web services have security issues. These features come under identity and access management.
The implementation of identity and access management(IAM) is essential for any business. It’s becoming more and more business-centric, so we need more than technical know-how to succeed. Organizations may save money on identity management and, more crucially, become much nimbler in their support of new business initiatives if they have developed sophisticated IAM capabilities. We used these features of identity and access management to validate the robustness of the cloud computing environment with a comparison of traditional identity and access management.
Covert channels have been known for a long time because of their versatile forms of appearance. For nearly every technical improvement or change in technology, such channels have been (re-)created or known methods have been adapted. For example, the introduction of hyperthreading technology has introduced new possibilities for covert communication between malicious processes because they can now share the arithmetic logical unit as well as the L1 and L2 caches, which enable establishing multiple covert channels. Even virtualization, which is known for its isolation of multiple machines, is prone to covert- and side-channel attacks because of the sharing of resources. Therefore, it is not surprising that cloud computing is not immune to this kind of attacks. Moreover, cloud computing with multiple, possibly competing users or customers using the same shared resources may elevate the risk of illegitimate communication. In such a setting, the “air gap” between physical servers and networks disappears, and only the means of isolation and virtual separation serve as a barrier between adversary and victim. In the work at hand, we will provide a survey on vulnerable spots that an adversary could exploit trying to exfiltrate private data from target virtual machines through covert channels in a cloud environment. We will evaluate the feasibility of example attacks and point out proposed mitigation solutions in case they exist.
Several cloud schedulers have been proposed in the literature with different optimization goals such as reducing power consumption, reducing the overall operational costs or decreasing response times. A less common goal is to enhance the system security by applying specific scheduling decisions. The security risk of covert channels is known for quite some time, but is now back in the focus of research because of the multitenant nature of cloud computing and the co-residency of several per-tenant virtual machines on the same physical machine. Especially several cache covert channels have been identified that aim to bypass a cloud infrastructure's sandboxing mechanism. For instance, cache covert channels like the one proposed by Xu et. al. use the idealistic scenario with two alternately running colluding processes in different VMs accessing the cache to transfer bits by measuring cache access time. Therefore, in this paper we present a cascaded cloud scheduler coined C 3 -Sched aiming at mitigating the threat of a leakage of customers data via cache covert channels by preventing processes to access cache lines alternately. At the same time we aim at maintaining the cloud performance and minimizing the global scheduling overhead.