Cloud Computing
Cloud computing is a model for enabling rapid provisioning of resources from a pool of resources. There are three cloud service models: Software as a Service (SAAS), Platform as a Service (PAAS), and Infrastructure as a Service (IAAS). SAAS allows users to use the provider’s application, while PAAS allows users to use the provider’s platform to build applications. IAAS allows users to use the provider’s fundamental computing building blocks like compute, storage, and networking.
Cloud deployment models include private cloud, community cloud, public cloud, and hybrid cloud. Private cloud is maintained by a private entity, while community cloud is maintained by a community. Public cloud is available to the public, while hybrid cloud is a combination of two or more of these models.
Cloud Security Concerns
Cloud computing has essential characteristics, including on-demand self-service, broad network access, rapid elasticity, resource pooling, and measured service. However, security and data privacy are the critical barriers to adopting cloud computing. Key issues include trust, multi-tenancy, data protection, and compliance.
Cloud security advantages include shifting public data to an external cloud, which reduces the exposure of the internal sensitive data. Cloud homogeneity makes security auditing/testing simpler, and clouds enable automated security management. Redundancy/disaster recovery is also an advantage. However, cloud security challenges include trusting the vendor’s security model, customer inability to respond to audit findings, obtaining support for investigations, indirect administrator accountability, proprietary implementation that can’t be examined, and loss of physical control.
Virtualization and Cloud Computing Security
Virtualization is a key aspect of cloud computing, and the hypervisor or Virtual Machine Monitor (VMM) is essential. The hypervisor enables guest OS to run in isolation of other OSs, run multiple types of OSs, increase utilization of physical servers, enable portability of virtual servers between physical servers, and increase the security of physical host servers. Kernel-level security tools can defend against malware processes in the user-level, but they can’t defend against untrusted drivers running using kernel privileges. In the hypervisor-based approach, the kernel-level security tool is placed in a separate security VM that can introspect untrusted drivers in other VMs. The hypervisor runs isolated from those VMs.
One of the most essential tasks of virtual machine security is memory analysis, because of nearly endless data for security and forensics. There are two types of monitoring: passive and active. Passive monitoring involves security VM taking a snapshot of the memory of other VM periodically (VM introspection), while active monitoring involves security VM taking a view of memory of other VM when a new event happens. LIBVMI helps in translating memory contents into virtual address, kernel symbols, and more. VM monitoring challenges include invocation cost and introspection cost.
Securing in-VM monitoring involves minimizing the overhead of switching to the hypervisor, data read/write near native speed, and isolating the VM in a separate address space than the system address space.