Authors: Neha Kumari, Dr. Uday Narayan Singh
With cloud computing, a comprehensive web platform made up of many different services can be created and consumed on demand. Cloud computing delivers its services over the Internet in an affordable, dependable and productive manner. By offering services on a rental basis it lowers the expenditure needed to buy hardware, software and software licenses, and it keeps backups so that multiple copies of data are maintained. Cloud computing is one of today's most compelling technologies: it is scalable, versatile, and can lower the cost and complexity of applications. These advantages turned it from a far-fetched notion into one of the most rapidly expanding fields of technology. Cloud computing, however, is built on an older technique, virtualization, which carries security flaws that must be fixed before they affect the cloud. In addition, the limited security features of virtualization technology are insufficient to protect a wide-area system such as the cloud, so modifications to the conventional virtualization design are needed to create an effective security solution. To safeguard the cloud environment, this article proposes a novel security architecture within hypervisor-based virtualization technology.
Cloud computing is a network-based system whose main focus is sharing computation and resources; it is usually characterized as a pool of virtualized computing resources. Many virtual machines are typically hosted on a single physical server, and cloud providers combine virtualization technologies with self-service provisioning of computing resources over network infrastructures, particularly the Internet.
Because the cloud computing paradigm is based on virtualization, it enables rapid deployment and scale-out of workloads through quick provisioning of virtual machines (or, where needed, physical machines).
The redundant, self-recovering, highly scalable programming models supported by cloud computing platforms let workloads recover from the many hardware and software failures that are unavoidable at scale. Customers pay only for the resources they actually use in the cloud; they do not pay for infrastructure or storage located on their own premises. Because most maintenance, software upgrades, configuration and other management chores are automated and centralized at the data centre by the cloud provider responsible for them, a virtual appliance removes some of the most significant management burdens. Virtualization, however, is an older technology and lacks sufficient security features for large networks like the cloud, so its conventional design must be modified before it can serve as the basis for a secure cloud.
The presented paper is divided into the following 6 sections:
II. CLOUD COMPUTING
The term "cloud" refers to a network, or the Internet. Cloud computing stores, manages and accesses data online, substituting remote Internet servers for local hard drives. The data can be anything: files, photos, documents, audio, video and more. Likewise, other computing and network services, such as compute, infrastructure, platform and bandwidth services, are available to cloud users on demand in a self-service mode.
A. Characteristics of Cloud Computing
The principal features of Cloud Computing are:
B. Types of Cloud Architecture
According to the requirements of the enterprise, you can deploy the following 4 types of clouds:
The National Institute of Standards and Technology (NIST) divides private cloud into the following two categories based on location and management:
3. Hybrid Cloud: Public and private clouds are combined to create a hybrid cloud. A hybrid cloud is only partly protected: services running on the private portion are reachable only by users within the business, while services running on the public portion are reachable by anyone. Examples: Office 365, Google Application Suite, AWS, etc.
4. Community Cloud: A community cloud lets a group of organizations share systems and services so that information can be exchanged between an organization and a particular community. It is owned, managed and operated by one or more of the community organizations, a third party, or a combination of them.
C. Cloud Service Models
The following three cloud service model types exist:
Cloud computing is built on virtualization, a technique that makes it possible to use physical computer hardware more effectively. Using software, virtualization divides the hardware of a single computer, such as its processors, memory and storage, into several virtual computers, known as virtual machines (VMs). Each VM runs its own operating system (OS) and behaves like an independent computer, even though it uses only a fraction of the underlying hardware.
Today, virtualization is a best practice in enterprise IT architecture, and the economics of cloud computing rest on it. Because virtualization lets cloud providers deliver services from their existing physical hardware, cloud users can buy only the computing resources they need, when they need them, and scale those resources affordably as their workloads grow.
A. Virtual Machines
Virtual machines (VMs) are software environments that imitate a physical computer. A VM typically consists of a number of files: the VM's configuration, the storage backing its virtual hard drive, and snapshots that capture the VM's state at particular moments. The terms virtual server, virtual server instance (VSI) and virtual private server (VPS) all refer to the same technology.
A virtual machine is an emulated version of a physical computer. The physical machine it runs on is the host, and the VMs are referred to as guests. Virtualization allows many VMs, each with its own operating system (OS) and applications, to run on a single physical machine. A VM does not access the physical hardware directly; a thin software layer called the hypervisor mediates all communication with it. The hypervisor assigns each VM a share of physical resources such as processors, memory and storage, and keeps the VMs isolated from one another so that they cannot interfere with each other.
The hypervisor is the software layer that manages VMs. It acts as a bridge between each virtual machine and the underlying physical hardware, making sure that each VM has the resources it needs to run, and it ensures that VMs do not conflict with one another by consuming each other's memory or compute resources.
There are two major types of hypervisor listed below:
A. Hypervisor and Virtualization
The hypervisor is loaded at machine start-up to manage the distribution of system resources among many virtual machines. Some of these VMs are privileged partitions that control the virtualization platform and the hosted VMs; in this design the privileged partitions have access to, and control over, the other virtual machines.
This approach yields the most controllable environment, and it also permits extra security measures, such as intrusion detection systems, to be deployed at the hypervisor layer. The hypervisor is, however, a single point of failure: if it crashes, every VM goes down with it, and if an attacker seizes control of it, every VM is under the attacker's control. Taking control of the hypervisor from inside a virtual machine is difficult, though not impossible. This property is why the hypervisor layer was chosen for the implementation of the proposed security architecture.
A hypervisor is one of several virtualization tools that provide hardware virtualization: the ability to run multiple operating systems concurrently on a host machine as "guests". It sits conceptually one level above a supervisor (an operating system kernel), hence the name. The hypervisor presents a virtual operating environment to the guest operating systems and monitors their execution, and the virtualized hardware resources can be shared by multiple instances of different operating systems. A bare-metal (Type 1) hypervisor is installed directly on server hardware whose only task is to run guest operating systems.
V. SECURITY ISSUES AND RELIABILITY OF HYPERVISORS
Virtualization problems related to reliability, in addition to those related to security, can affect cloud performance. For example, the provider might place too many virtual machines on one physical server, causing constrained CPU cycles or I/O bottlenecks. These issues can arise on a conventional physical server too, but they are more likely in a virtualized server because many VMs share a single physical machine and compete for the same limited resources. Management tasks such as performance management and capacity planning are therefore more important in a virtualized environment than in a comparable physical one.
IT organizations therefore need to continuously track how both physical servers and virtual machines are being used. This lets them allocate and reallocate resources as business requirements shift, preventing both over- and under-utilization of server resources such as CPU and memory, and it lets them put in place policy-based corrective measures that help ensure service levels are met.
Another virtualization challenge is that cloud-based companies now have to control virtual machine sprawl. Sprawl occurs when virtual machines that are not required by the business are created, increasing the number of VMs running in the virtualized environment; one consequence is over-use of the infrastructure. Virtual machine managers should carefully assess the need for every new VM and consolidate those that are not required onto other physical servers. Live migration lets a VM move from one physical server to another with high availability and energy efficiency, but it can be difficult to guarantee that the migrated VM keeps the same security, QoS and privacy policies. It must be ensured that the destination preserves all of the migrated VM's required configuration.
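The following Python script is an added illustration, not code from the paper, of the capacity-monitoring point in the preceding paragraphs and of the migration-policy check described just above: it flags hosts past an overcommit limit, lists VMs that look like sprawl, and refuses a migration whose destination would break the VM's security zone, QoS tier, storage requirement or the host's capacity limits. The inventory is constructed, and the thresholds and policy tags (`security_zone`, `qos_tier`, `needs_encrypted_storage`) are hypothetical stand-ins for whatever a real platform records.

```python
"""Placement checks for a virtualized host pool (added example with constructed
data; the policy tags are hypothetical labels, not any real platform's schema)."""
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class VM:
    name: str
    vcpus: int
    mem_gb: int
    security_zone: str            # e.g. "dmz", "internal", "pci"
    qos_tier: str                 # e.g. "gold", "silver"
    needs_encrypted_storage: bool
    owner: Optional[str] = None   # no owner of record is one sprawl signal
    avg_cpu_pct_30d: float = 0.0  # 30-day average CPU use, for idle detection


@dataclass
class Host:
    name: str
    cores: int
    mem_gb: int
    zones: Set[str]               # security zones this host is allowed to serve
    qos_tiers: Set[str]
    encrypted_storage: bool
    vms: List[VM] = field(default_factory=list)

    def allocated_vcpus(self) -> int:
        return sum(vm.vcpus for vm in self.vms)

    def allocated_mem_gb(self) -> int:
        return sum(vm.mem_gb for vm in self.vms)

    def cpu_ratio(self) -> float:
        return self.allocated_vcpus() / self.cores

    def mem_ratio(self) -> float:
        return self.allocated_mem_gb() / self.mem_gb


def overcommitted_hosts(hosts, max_cpu_ratio=4.0, max_mem_ratio=1.0):
    """Names of hosts whose vCPU or memory allocation exceeds the allowed overcommit."""
    return [h.name for h in hosts
            if h.cpu_ratio() > max_cpu_ratio or h.mem_ratio() > max_mem_ratio]


def sprawl_candidates(hosts, idle_cpu_pct=2.0):
    """VMs that look unneeded: no owner of record, or near-idle for 30 days."""
    return [vm.name for h in hosts for vm in h.vms
            if vm.owner is None or vm.avg_cpu_pct_30d < idle_cpu_pct]


def migration_blockers(vm, dest, max_cpu_ratio=4.0, max_mem_ratio=1.0):
    """Reasons a VM must NOT move to dest; an empty list means the move is safe.

    Capacity is checked as if the VM were already on the destination, so the
    move itself cannot push the host past its overcommit limits."""
    reasons = []
    if vm.security_zone not in dest.zones:
        reasons.append(f"zone {vm.security_zone} not served by {dest.name}")
    if vm.qos_tier not in dest.qos_tiers:
        reasons.append(f"QoS tier {vm.qos_tier} not offered by {dest.name}")
    if vm.needs_encrypted_storage and not dest.encrypted_storage:
        reasons.append(f"{dest.name} lacks encrypted storage")
    if (dest.allocated_vcpus() + vm.vcpus) / dest.cores > max_cpu_ratio:
        reasons.append(f"{dest.name} would exceed CPU overcommit")
    if (dest.allocated_mem_gb() + vm.mem_gb) / dest.mem_gb > max_mem_ratio:
        reasons.append(f"{dest.name} would exceed memory overcommit")
    return reasons


# Constructed sample inventory: host-a is memory-overcommitted (76 GB on 64 GB),
# "test-old" has no owner and is idle, host-b cannot hold PCI or encrypted data.
web = VM("web-01", 4, 8, "dmz", "gold", False, owner="web-team", avg_cpu_pct_30d=35.0)
db = VM("db-01", 8, 64, "pci", "gold", True, owner="payments", avg_cpu_pct_30d=50.0)
stale = VM("test-old", 2, 4, "internal", "silver", False, owner=None, avg_cpu_pct_30d=0.3)
host_a = Host("host-a", 8, 64, {"dmz", "pci", "internal"}, {"gold", "silver"}, True,
              [web, db, stale])
host_b = Host("host-b", 16, 128, {"dmz", "internal"}, {"gold", "silver"}, False)
HOSTS = [host_a, host_b]

if __name__ == "__main__":
    print("overcommitted:", overcommitted_hosts(HOSTS))
    print("sprawl candidates:", sprawl_candidates(HOSTS))
    for vm in (web, db):
        print(f"move {vm.name} -> host-b:", migration_blockers(vm, host_b) or "ok")
```

A real deployment would feed `VM` and `Host` from the platform's inventory API and run the checks as a scheduled job; the important design point is that `migration_blockers` treats a policy mismatch and a capacity breach alike, so a move that "works" but silently downgrades the VM's zone or storage guarantees is rejected before it happens.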
In a virtualization system there are several virtual machines that may belong to independent security zones, unreachable from VMs in other zones. The hypervisor governs everything inside a virtualization host and has its own security zone; it can touch and influence the actions of every VM running on the host. The different security zones therefore all sit on the same physical infrastructure, which in the conventional sense would fall within a single security zone. This becomes a security problem when an attacker seizes the hypervisor: the attacker then has complete authority over all data within the hypervisor's domain.
Virtual machine escape, the ability to reach the hypervisor from inside a virtual machine, is a significant virtualization security issue, and the growing number of APIs exposed by virtualization systems will make it more important still. Alongside the new APIs, controls are being developed to turn off features inside a virtual machine that could harm performance and availability.
A. Advantages of Hypervisor Based Security
In addition to managing resources, the hypervisor is also able to protect the cloud's infrastructure. Hypervisor-based virtualization is the best layer at which to apply techniques for achieving a secure cloud environment. It was selected for the following reasons:
B. Disadvantages of Hypervisor Based Security
Alongside the advantages of virtualization, there are flaws that can impair the effectiveness of the security measures that have been put in place.
VI. MAJOR THREATS AND SECURITY ISSUES WITH HYPERVISOR BASED VIRTUALIZATION
Although every user is served by the same machine, in a hypervisor each user sees their systems as separate computers, unconnected to any other user's systems. In this sense a virtual machine is an operating system that is controlled by an underlying control program.
In general, IT organizations that own their own servers have complete control over them. They also have a variety of tools at their disposal for privacy purposes, which lets them destroy sensitive data that is unwanted or no longer needed. When moving to a cloud setting, however, they have virtual servers that are managed by a third party. Overwriting is the conventional method for securely deleting data, but it is ineffective without the cooperation of the cloud service: customers in a cloud environment cannot see the physical device, only the data level. The practical option left to customers is to encrypt their data under a secret key that they control, so that remnants left after erasure cannot be reconstructed; destroying the key then renders any leftover ciphertext useless.
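As an added example (not from the paper), the following Python code shows the encrypt-before-store approach in the form often called crypto-shredding: each object gets its own data key, data keys are wrapped under a master key that stays with the customer, and deletion means destroying keys rather than trusting the provider to overwrite disks. The in-memory `provider` dictionary, the object names and the cipher construction are all constructed for the demo; the cipher uses HMAC-SHA256 as a counter-mode PRF with an HMAC tag (encrypt-then-MAC) so that the example runs on the standard library alone, and a production system would use AES-GCM from a vetted library instead.

```python
"""Crypto-shredding demo (added example; provider store and cipher are constructed).
Only ciphertext and wrapped data keys reach the provider; the master key never does."""
import hashlib
import hmac
import os
from typing import Dict, Optional


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (stdlib stand-in for AES-CTR)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce(16) || ciphertext || tag(32); the tag covers nonce and ciphertext."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()   # domain-separated subkeys
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verifies the tag in constant time before touching the ciphertext."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class CustomerVault:
    """Customer-side key hierarchy: master key -> per-object data keys."""

    def __init__(self) -> None:
        self.master_key: Optional[bytes] = os.urandom(32)
        self.wrapped_keys: Dict[str, bytes] = {}   # object id -> data key wrapped by master

    def store(self, provider: Dict[str, bytes], obj_id: str, data: bytes) -> None:
        if self.master_key is None:
            raise KeyError("vault has been shredded")
        data_key = os.urandom(32)
        provider[obj_id] = encrypt(data_key, data)            # only ciphertext leaves
        self.wrapped_keys[obj_id] = encrypt(self.master_key, data_key)

    def read(self, provider: Dict[str, bytes], obj_id: str) -> bytes:
        if self.master_key is None or obj_id not in self.wrapped_keys:
            raise KeyError(f"no usable key for {obj_id}")
        data_key = decrypt(self.master_key, self.wrapped_keys[obj_id])
        return decrypt(data_key, provider[obj_id])

    def shred_object(self, obj_id: str) -> None:
        """Per-object deletion: drop the wrapped data key. Remnants of the
        ciphertext may survive at the provider but cannot be decrypted."""
        self.wrapped_keys.pop(obj_id, None)

    def shred_all(self) -> None:
        """Tenant off-boarding: destroying the master key kills every object at once."""
        self.master_key = None
        self.wrapped_keys.clear()


def demo() -> dict:
    provider: Dict[str, bytes] = {}   # stands in for cloud storage we cannot wipe
    vault = CustomerVault()
    vault.store(provider, "invoice-1", b"card data 4111 1111 1111 1111")
    vault.store(provider, "notes", b"meeting notes")
    out = {"before": vault.read(provider, "invoice-1")}
    vault.shred_object("invoice-1")
    out["ciphertext_remains"] = "invoice-1" in provider     # provider still holds bytes
    try:
        vault.read(provider, "invoice-1")
        out["after"] = "readable"
    except KeyError:
        out["after"] = "unrecoverable"
    out["notes_still_readable"] = vault.read(provider, "notes") == b"meeting notes"
    vault.shred_all()
    try:
        vault.read(provider, "notes")
        out["after_master_shred"] = "readable"
    except KeyError:
        out["after_master_shred"] = "unrecoverable"
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The two-level hierarchy is what makes this practical: shredding one object costs a single key deletion on the customer side, while a provider-side backup that still contains the ciphertext is harmless, and a customer leaving the service can destroy the master key to invalidate every copy of every object at once without touching the provider at all.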
Although there are many users and active applications in the cloud, security must be everyone's priority. Whatever application is running, the cloud must function correctly and provide an environment that resists attack. In computing, anything that can be built can also be broken. Furthermore, although cloud computing is an Internet-based technology, building root-of-trust cloud computing platforms has seemed impossible. Security therefore appears to be the primary concern in the cloud, and providers will face ever more difficulties as their clouds grow larger than they are today. Even so, before transferring data to a cloud it is important to consider the unique challenges and security issues that this way of decentralizing applications and enabling global access to data produces. The most crucial of these is security, which must be considered before moving to cloud computing.
Copyright © 2023 Neha Kumari, Dr. Uday Narayan Singh. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.