Call for Paper - January 2023 Edition
IJCA solicits original research papers for the January 2023 Edition. Last date of manuscript submission is December 20, 2022. Read More

Is IaaS Platform Secure?

Print
PDF
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2018
Authors:
Nitin Kamble, Prince Pradhan, Mukesh Ghanchi, Ashutosh Jaiswal
10.5120/ijca2018918181

Nitin Kamble, Prince Pradhan, Mukesh Ghanchi and Ashutosh Jaiswal. Is IaaS Platform Secure?. International Journal of Computer Applications 181(31):26-30, December 2018. BibTeX

@article{10.5120/ijca2018918181,
	author = {Nitin Kamble and Prince Pradhan and Mukesh Ghanchi and Ashutosh Jaiswal},
	title = {Is IaaS Platform Secure?},
	journal = {International Journal of Computer Applications},
	issue_date = {December 2018},
	volume = {181},
	number = {31},
	month = {Dec},
	year = {2018},
	issn = {0975-8887},
	pages = {26-30},
	numpages = {5},
	url = {http://www.ijcaonline.org/archives/volume181/number31/30187-2018918181},
	doi = {10.5120/ijca2018918181},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

This paper put insight on how the security mechanisms enforced by cloud computing providers of their IaaS platforms and enabling their users to utilize the platforms securely. This paper provides the assessment of two popular IaaS platforms with respect to the following criteria: network security, authentication and API security, security attack protection and high availability, logging and monitoring, access right control, and security. The assessment is based on the information provided by cloud computing providers and usage of the IaaS platforms.

References

  1. H. Takabi, J. Joshi, and G.-J. Ahn, “Security and privacy challenges in cloud computing environments,” Security Privacy, IEEE, vol. 8, no. 6, pp. 24–31, Nov 2010.
  2. A. Bouayad, A. Blilat, N. El Houda Mejhed, and M. El Ghazi, “Cloud computing: Security challenges,” in Information Science and Technology (CIST), 2012 Colloquium in, Oct 2012, pp. 26– 31.
  3. I. Khalil, A. Khreishah, S. Bouktif, and A. Ahmad, “Security concerns in cloud computing,” in Information Technology: New Generations (ITNG), 2013 Tenth International Conference on, April 2013, pp. 411–416.
  4. “Cloud Security - AWS,” http://aws.amazon.com/security, 2015, [Online; accessed 06.11.2015].
  5. “Integrity life-cycle - OpenStack Security Guide,” http://docs.openstack.org/security-guide/content/integrity-life-cycle.html, [Online; accessed 06.11.2015].
  6. “Authentication Overview - OpenNebula 4.12.1 documentation,” http://docs.opennebula.org/4.12/administration/authentication/external_auth.html, 2015, [Online; accessed 06.11.2015].
  7. “Google Security Whitepaper – Google Cloud Platform,” https://cloud.google.com/security/whitepaper#custom_server_hardware_and_software, 2015, [Online; accessed 06.11.2015].
  8. “Networking and Firewalls - Compute Engine – Google Cloud Platform”, https://cloud.google.com/compute/docs/networking,2015, [Online; accessed 06.11.2015].
  9. “AWS - Multi-Factor Authentication,” https://aws.amazon. com/iam/details/mfa/, [Online; accessed 06.11.2015].
  10. “Authentication - Compute Engine – Google Cloud Platform,” https://cloud.google.com/storage/docs/authentication, 2015, [Online; accessed 06.11.2015].
  11. “Signing AWS API Requests - Amazon Web Services,” http://docs.aws.amazon.com/general/latest/gr/signing_aws_ api_requests.html, [Online; accessed 06.11.2015].
  12. “RFC 6749 - The OAuth 2.0 Authorization Framework.”
  13. “Google Compute Engine Service Level Agreement (SLA),” https://cloud.google.com/compute/sla, 2015, [Online; accessed 06.11.2015].
  14. “Amazon EC2 SLA,” http://aws.amazon.com/ec2/sla/, 2015, [Online; accessed 06.11.2015].
  15. “Instances - Compute Engine – Google Cloud Platform,” https://cloud.google.com/compute/docs/instances/#onhostmaintenance, 2015, [Online; accessed 06.11.2015].
  16. “Amazon EC2 Maintenance Help Page,” http://aws.amazon.com/maintenance-help/, 2015, [Online; accessed 6.11.2015].
  17. “New – Auto Recovery for Amazon EC2 | AWS Official Blog,” https://aws.amazon.com/blogs/aws/ new-auto-recovery-for-amazon-ec2/,2015, [Online; accessed 06.11.2015].
  18. “Monitor Your AWS Charges with Billing Alerts Using Amazon CloudWatch,” http://aws.amazon.com/about-aws/whatsnew/2012/05/10/announcing-aws-billing-alerts/, 2015, [Online; accessed 06.11.2015].
  19. “Getting Notifications When Your Auto Scaling Group Changes – Auto Scaling,” http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/ASGettingNotifications.html, 2015, [Online; accessed 06.11.2015].
  20. “Ceilometer/Alerting - OpenStack,” https://wiki.openstack.org/wiki/Ceilometer/Alerting, [Online; accessed 06.11.2015].
  21. “List of Log Types - Cloud Logging – Google Cloud Platform,” https://cloud.google.com/logging/docs/view/logs_ index, 2015, [Online; accessed 06.11.2015].
  22. “Pricing - Cloud Logging – Google Cloud Platform,” https://cloud.google.com/logging/pricing, 2015, [Online; accessed 06.11.2015].
  23. M. Seaborn and T. Dullien, “Exploiting the DRAM rowhammer bug to gain kernel privileges,” http://googleprojectzero.blogspot.de/2015/03/exploiting-dramrowhammer-bug-to-gain.html, 2015, [Online; accessed 06.11.2015].
  24. “Chapter 9. Managing Projects and Users - OpenStack Operations Guide,” http://docs.openstack.org/openstack-ops/content/projects_users.html, 2015, [Online; accessed 06.11.2015].
  25. “AWS - Manage Permissions and Policies,” http://aws.amazon.com/de/iam/details/manage-permissions/, 2015, [Online; accessed 06.11.2015].
  26. “Configuring permissions on Google Cloud Platform,” https://cloud.google.com/docs/permissions-overview, 2015, [Online; accessed 06.11.2015].
  27. “Autoscaler - Compute Engine – Google Cloud Platform,” https://cloud.google.com/compute/docs/autoscaler/, 2015, [Online; accessed 06.11.2015].
  28. “AWS Shared Responsibility Model,” http://aws.amazon.com/compliance/shared-responsibility-model/, 2015, [Online; accessed 06.11.2015].
  29. “Security and Compliance on the Google Cloud Platform – Google Cloud Platform,” https://cloud.google.com/security/, 2015, [Online; accessed 06.11.2015].
  30. J. Geffner, “Venom vulnerability,” http://venom.crowdstrike.com/, 2015, [Online; accessed 06.11.2015].

Keywords

Cloud computing, Infrastructure as a Service, security, Amazon Web Services, Google Cloud Platform.