Securing the IaaS Service Model of Cloud Computing Against Compromised Components

摘要

Cloud Computing is a new computing model, and its security aspects require special considerations. New characteristics of the cloud model have introduced new security challenges, and made some of the existing security techniques incompatible. Moreover, existing cloud environments are closed, operated by commercial providers, and their security mechanisms are proprietary as well as confidential. In other words, there is not much chance of observing how a real cloud environment is working, and how their providers adapt security measures to the new model.Therefore, we have chosen an open source cloud platform to build our own cloud environment. The OpenStack cloud software met our requirements, but it was not mature enough. We have done a deep analysis of this platform, identified potential attack targets in it, and discuss impacts of a successful attack.In order to secure our environment, the National Institute of Standards and Technology (NIST) incident handling guideline has been applied to the cloud model, and corresponding actions for each phase has been performed. To complete our study, we have proposed a set of cloud specific approaches that fulfill the incident handling requirements. These approaches address challenges identified in the guideline adaptation process. Additionally, we have studied the feasibility and compatibility of each approach against our deployed environment.Additionally, we also have submitted a paper to IEEE CloudCom 2011 conference, based on my thesis. A draft version of the paper is included in Appendix A.