Cloud computing (CC) has attracted great attention in the last few years because of the benefits it provides to its users. CC has proved excellent in matters of flexibility, scalability, virtualization and provision of services. Despite this, many companies remain reluctant to adopt this cutting-edge technology because of the security issues that affect virtualized environments, particularly in critical applications where high levels of safety and dependability are required. This paper proposes an architecture for reacting to these threats: an infrastructure for secured data in CC.
Cloud computing enables ubiquitous network access to a shared collection of computing resources. With the Infrastructure as a Service (IaaS) model, it has established itself as a scalable and efficient solution, because it lets customers deploy resources such as storage and virtual machines (VMs) without depending on their own physical infrastructure. Researchers at the University of North Carolina and the computer security company RSA have shown that software hosted in a cloud can steal data and secrets stored in the same cloud. This means that valuable data should not be entrusted to such a cloud. The attack undermines a basic assumption underpinning cloud computing: a customer's data must be kept separate from the data belonging to other customers.
Countermeasures have been proposed to the most common flaws in IaaS cloud computing. Data protection and availability are the starting point: when users entrust their data to the cloud, they are not sure where it is stored or how it will be processed (Herminghaus and Scriba 2009). Attribute-based encryption addresses this: whether a ciphertext can be decrypted is decided by the policies associated with the message and with the user. The software-defined networking (SDN) paradigm has rapidly changed the way network research is approached. It is based on a “smart” separation between the layer of the real infrastructure and the control layer where the network intelligence is deployed (the OpenFlow controller). This approach decouples the forwarding plane from the control plane; the network behavior can then be programmed using a global view of the network.
The OpenFlow protocol allows the control and definition of the traffic management strategies performed by the switching devices. It is gaining a lot of popularity in CC platforms as a leading technology for executing IaaS. A fully virtualized network is the focus of the CC community. Hardware virtualization (the hypervisor) enables solutions that reach an equal level of abstraction with the physical network resources, and OpenFlow guarantees the programmability of the network level of a virtual machine (VM). Regarding security requirements, the dynamic nature of a CC system makes traditional solutions untrustworthy. Therefore, there is a need for approaches that protect the infrastructure from attacks. OpenFlow is considered the leading technology for implementing an architecture that is aware of the dynamicity of security policies.
The suitability of OpenFlow for solving CC security issues has given rise to OpenFlow-based platforms. With this new “security package,” the SDN paradigm makes it easier to implement traffic anomaly detection using NOX (Aljawarneh 2013). NOX serves as a superb network control platform. It presents a high-level programming interface for the development and maintenance of network control applications, and its system-wide abstraction turns networking into a software problem. The NOX OpenFlow controller has been used in small office/home office (SOHO) networks, where it implements four different anomaly detection algorithms (Hugos and Hulitzky 2011).
Dhamdhere (2014) proposes a flexible security management architecture for large-scale production networks. The architecture avoids the drawbacks of existing static solutions by taking into account the peculiarities of data center networks. It consists of a control component with both a global view of the network and the designed security policies. The programmability of network flows allows the security policies to be checked and alarms to be responded to quickly. The distributed architecture requires a deeper analysis to clarify whether the introduced latency affects the user experience.
Open vSwitch technology fits the dynamic nature of CC infrastructures. It is used as a virtual switch that provides connectivity to virtual guests. It is designed to enable massive network automation via programmatic extension while supporting standard management interfaces such as NetFlow, sFlow, RSPAN, CLI and LACP. Open vSwitch is designed to support distribution across servers, similar to the VMware vNetwork Distributed Switch. It offers features that fit the architecture well, as it relies on VLANs: it guarantees Layer 2 isolation, and it is OpenFlow 1.0 compliant. Floodlight, an open source Java event-based controller, is another major OpenFlow controller. Because of the modularity of its core functionalities, the availability of Representational State Transfer (REST) APIs, and its high performance, the controller is widely used.
The Floodlight OpenFlow controller is significant for a number of reasons (Dustdar, Leymann, and Villari 2015): it works with both physical and virtual switches that implement the OpenFlow protocol; it is Apache licensed; it is easy to use, build and run; and it is tested and supported by a community of professional developers. Floodlight is the core of a commercial controller product from Big Switch Networks. It is designed to work with access points that support the OpenFlow standard. It offers a module loading system that makes it simple to extend and use with minimal dependencies, and it handles a wide range of mixed OpenFlow and non-OpenFlow links. It also supports the OpenStack cloud orchestration platform.
Starting from the assumption that the cloud infrastructure is made up of geographically distributed datacenters, once an attack is detected, a mitigation strategy for the nodes involved starts. The strategy dynamically activates the migration of the virtual guests under attack to a remote datacenter by interacting with the platform manager of that cloud. Once the migration has completed, the Floodlight controller takes over the programming of the Open vSwitch flow tables to redirect the traffic related to the migrated node toward its new location. This guarantees the transparency of the virtual appliance: a legitimate user or machine can therefore still access the services hosted on the attacked node without being aware of the migration. To strengthen the network security of the connected datacenters, a mechanism that splits packets into separate parts and redirects them over independent (disjoint) paths is employed, so that an intruder on a single path cannot reconstruct the flowing traffic.
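As an added example (not code from the essay or from the Floodlight project), the following Python models the redirection step described above: once the guest has been migrated, every edge switch receives a high-priority rule steering that guest's IPv4 traffic toward the new datacenter, while all other traffic keeps its baseline path. The switch DPIDs, uplink ports, addresses and the Floodlight-style rule fields are assumptions.

```python
"""Added example, not from the original essay: reprogramming edge-switch flow
tables so traffic for a migrated guest follows it to the remote datacenter.
Topology, addresses and priorities are constructed. The rule dictionaries
imitate the JSON accepted by Floodlight's Static Flow Pusher; those field names
are an assumption and should be checked against the controller version in use."""
import ipaddress

# Constructed topology: for each edge switch (DPID), the uplink port toward each datacenter.
UPLINK_PORT = {
    "00:00:00:00:00:00:00:01": {"dc1": 1, "dc2": 2},
    "00:00:00:00:00:00:00:02": {"dc1": 1, "dc2": 3},
}
DEFAULT_DC = "dc1"  # where guests run before any migration (baseline forwarding)


def migration_rules(vm_ip, new_dc, uplinks=UPLINK_PORT):
    """Build one high-priority rule per edge switch that steers IPv4 traffic
    destined to vm_ip out of the port leading to new_dc."""
    ip = str(ipaddress.IPv4Address(vm_ip))  # raises ValueError on a malformed address
    rules = []
    for dpid, ports in uplinks.items():
        if new_dc not in ports:
            raise ValueError(f"switch {dpid} has no uplink toward {new_dc}")
        rules.append({
            "switch": dpid,
            "name": f"migrate-{ip}-{dpid[-2:]}",  # unique name so the rule can be deleted later
            "priority": "40000",                  # above the baseline forwarding rules
            "eth_type": "0x0800",                 # IPv4 only
            "ipv4_dst": f"{ip}/32",
            "active": "true",
            "actions": f"output={ports[new_dc]}",
        })
    return rules


def output_port(dpid, dst_ip, rules, uplinks=UPLINK_PORT):
    """Simulate the switch lookup: the highest-priority matching rule wins;
    with no match, the baseline rule toward DEFAULT_DC applies."""
    dst = ipaddress.IPv4Address(dst_ip)
    best = None
    for rule in rules:
        if rule["switch"] != dpid or dst not in ipaddress.IPv4Network(rule["ipv4_dst"]):
            continue
        if best is None or int(rule["priority"]) > int(best["priority"]):
            best = rule
    if best is None:
        return uplinks[dpid][DEFAULT_DC]
    return int(best["actions"].split("=", 1)[1])
```

In a deployment the rule dictionaries would be pushed to the controller's REST API; the per-rule name is what lets the controller remove them again when the guest migrates back.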
Air traffic control (ATC) provides a superb use case for correcting cloud computing security flaws. ATC systems are demanding, software-intensive systems with stringent safety requirements and hard real-time operation. In the ATC field, the ATC centers belonging to a single system are often located in different cities of a country for fault tolerance purposes or for remote connection needs at the national level. CC represents the core technology these industries need. Setting up an extended private CC platform makes it possible to connect geographically distributed ATC centers, for instance realizing a failover configuration among centers to improve the overall availability of the system (Erl, Puttini, and Mahmood 2013).
It is also leveraged in pre-operational phases by using testbed platforms to run distributed testing campaigns on compound systems from various premises, to reproduce real-world events in house and to validate operational figures for the system. The use case scenario in which the proposed OpenFlow-based architecture is tested and evaluated is a private enterprise cloud computing infrastructure that hosts the Area Control Center (ACC), the core operative center in the ATC system. As far as flight operations are concerned, an ACC controls aircraft at high altitudes, between departure and arrival. This aims at validating the architecture on a complex real-world system, one of the main industrial assets.
Although cloud computing has remained outstanding in its provision of computing infrastructure, privacy and security flaws have lowered its credibility with businesses and users (Weinman 2012). Businesses and people are starting to fear that their confidential information will no longer be confidential but will become public. Because of this uncertainty, OpenFlow has driven a restructuring of the privacy and security of CC, and it is performing extremely well in the effort to end this crisis.
Works Cited
Aljawarneh, Shadi. Cloud Computing Advancements in the Design, the Implementation, and the Technologies. Hershey, PA: Information Science Reference, 2013. Print.
Dhamdhere, Sangeeta N. Cloud Computing and Virtualization Technologies in Libraries. 2014. Print.
Dustdar, Schahram, Frank Leymann, and Massimo Villari. Service Oriented and Cloud Computing: 4th European Conference, ESOCC 2015, Taormina, Italy, September 15-17, 2015. Proceedings. 2015. Internet resource.
Erl, Thomas, Ricardo Puttini, and Zaigham Mahmood. Cloud Computing: Concepts, Technology, & Architecture. 2013. Print.
Herminghaus, Volker, and Albrecht Scriba. Storage Management in Data Centers: Understanding, Exploiting, Tuning, and Troubleshooting; Veritas Storage Foundation. Berlin: Springer, 2009. Print.
Hugos, Michael H., and Derek Hulitzky. Business in the Cloud: What Every Business Needs to Know About Cloud Computing. Hoboken, N.J.: Wiley, 2011. Internet resource.
Weinman, Joe. Cloudonomics: The Business Value of Cloud Computing. Hoboken, N.J.: Wiley, 2012. Print.