A REFERENCE ARCHITECTURE FOR CLOUD COMPUTING AND ITS SECURITY APPLICATIONS by Keiko Hashizume A Dissertation Submitted to the Faculty of the College of Engineering and Computer Science in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy Florida Atlantic University Boca Raton, FL May 2013 Copyright by Keiko Hashizume 2013 ii ACKNOWLEDGEMENTS I would like to thank my advisor, Dr. Eduardo B. Fernandez, for his guidance during these years. He has been a true mentor by supporting me not only during my research but also in my personal life. I would also like to express my gratitude to my committee members, Dr. Maria Petrie, Dr. Mihaela Cardei, Dr. Rainer Steinwandt, and the members of the Secure Systems Research Group for all their advice and constructive comments of this dissertation. I would like to thank also to Latin American and Caribbean Consortium of Engineering Institutions for its support during my studies. I want to thank the GSyA Research Group at the University of Castilla-La Mancha, Ciudad Real, Spain, and the GRACE Center of the National Institute of Informatics, in Tokyo, Japan, for hosting my visits to their institutions and collaborating with us. Those visits were supported by the PIRE Program of NSF (grant OISE-0730065). iv ABSTRACT Author: Keiko Hashizume Title: A Reference Architecture for Cloud Computing and Its Security Applications Institution: Florida Atlantic University Dissertation Advisor: Dr. Eduardo B. Fernandez Degree: Doctor of Philosophy Year: 2013 Cloud Computing is a relatively new computing model that provides on demand business or consumer IT services over the Internet. However, one of the main concerns in Cloud Computing is security. In complex systems such as Cloud Computing, parts of a system are secured by using specific products, but there is rarely a global security analysis of the complete system. We have described how to add security to cloud systems and evaluate its security levels using a reference architecture. A reference architecture provides a framework for relating threats to the structure of the system and makes their numeration more systematic and complete. In order to secure a cloud framework, we have enumerated cloud threats by combining several methods because it is not possible to prove that we have covered all the threats. We have done a systematic enumeration of cloud threats by first identifying them in the literature and then by analyzing the activities from each of their use cases in order to find possible threats. These threats are realized in the form of misuse cases in order to understand how an attack happens from the point of v view of an attacker. The reference architecture is used as a framework to determine where to add security in order to stop or mitigate these threats. This approach also implies to develop some security patterns which will be added to the reference architecture to design a secure framework for clouds. We finally evaluate its security level by using misuse patterns and considering the threat coverage of the models. vi A REFERENCE ARCHITECTURE FOR CLOUD COMPUTING AND ITS SECURITY APPLICATIONS TABLES ............................................................................................................................ xi FIGURES .......................................................................................................................... xii 1. INTRODUCTION ...................................................................................................... 1 2. BACKGROUND ........................................................................................................ 5 2.1. Cloud Service Models .......................................................................................... 5 2.1.1. Infrastructure-as-a-Service ............................................................................ 5 2.1.2. Platform-as-a-Service ................................................................................... 6 2.1.3. Software-as-a-Service ................................................................................... 6 2.2. Cloud Service Deployment .................................................................................. 7 2.2.1. Public Cloud.................................................................................................. 7 2.2.2. Private Cloud ................................................................................................ 8 2.2.3. Community Cloud ......................................................................................... 9 2.2.4. Hybrid Cloud ................................................................................................ 9 2.3. Characteristics of Cloud Computing .................................................................. 10 2.4. Key Technologies for Cloud Computing ........................................................... 11 2.4.1. Service Oriented Architecture (SOA) ......................................................... 11 2.4.2. Web 2.0 ....................................................................................................... 12 2.4.3. Virtualization .............................................................................................. 12 2.4.4. Reference Architectures .............................................................................. 13 2.4.5. Patterns. ....................................................................................................... 14 3. ANALYSIS OF SECURITY ISSUES ...................................................................... 15 3.1. Systematic review of Security issues for Cloud Computing .............................. 15 3.1.1. Question Formalization ............................................................................... 16 3.1.2. Selection of Sources .................................................................................... 16 3.1.3. Review Execution ....................................................................................... 17 vii 3.1.4. Results and Discussion ............................................................................... 17 3.2. Security in the SPI model ................................................................................... 18 3.2.1. Software-as-a-Service (SaaS) Security Issues ............................................ 19 3.2.2. Platform-as-a-Service (PaaS) Security Issues ............................................. 21 3.2.3. Infrastructure-as-a-Service (IaaS) Security Issues ...................................... 23 3.3. Analysis of Security issues in Cloud Computing ............................................... 27 3.3.1. Countermeasures ......................................................................................... 33 3.4. Summary ............................................................................................................ 38 4. REFERENCE ARCHITECTURE ............................................................................ 40 4.1. Cloud Architecture Overview ............................................................................ 41 4.2. Cloud Computing Standards .............................................................................. 42 4.3. Use Case Model ................................................................................................. 44 4.4. Infrastructure-as-a-Service ................................................................................. 54 4.4.1. Intent ........................................................................................................... 54 4.4.2. Context ........................................................................................................ 54 4.4.3. Problem ....................................................................................................... 55 4.4.4. Forces .......................................................................................................... 55 4.4.5. Solution ....................................................................................................... 56 4.4.6. Implementation ........................................................................................... 62 4.4.7. Known Uses ................................................................................................ 64 4.4.8. Consequences .............................................................................................. 64 4.4.9. Related Patterns .......................................................................................... 67 4.5. Platform-as-a-Service ......................................................................................... 67 4.5.1. Intent ........................................................................................................... 67 4.5.2. Context ........................................................................................................ 67 4.5.3. Problem ....................................................................................................... 68 4.5.4. Solution ....................................................................................................... 69 4.5.5. Implementation ........................................................................................... 73 4.5.6. Known Uses ................................................................................................ 78 4.5.7. Consequences .............................................................................................. 79 4.5.8. Related Patterns .........................................................................................
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages171 Page
-
File Size-