Secure execution environment and communication in cloud

How does one can ensure secure execution environments and communications in cloud ?

In a cloud environment, applications are run on different servers in a distributed mode. These applications interact with the outside world and other applications and may contain sensitive information whose inappropriate access would be harmful to a client. In addition, cloud computing is increasingly being used to manage and store huge amounts of data in database applications that are also co-located with other users’ information. Thus, it is extremely important for the cloud supplier to provide a secure execution environment and secure communications for client applications and storage. 

Secure Execution Environment 

Configuring computing platforms for secure execution is a complex task; and in many instances it is not performed properly because of the large number of parameters that are involved. This provides opportunities for malware to exploit vulnerabilities, such as downloading code embedded in data and having the code executed at a high privilege level.
In cloud computing, the major burden of establishing a secure execution environment is transferred from the client to the cloud provider. However, protected data transfers must be established through strong authentication mechanisms, and the client must have practices in place to address the privacy and confidentiality of information that is exchanged with the cloud. In fact, the client’s port to the cloud might provide an attack path if not properly provisioned with security measures. Therefore, the client needs assurance that computations and data exchanges are conducted in a secure environment. This assurance is affected by trust enabled by cryptographic methods. Also, research into areas such as compiler-based virtual machines promises a more secure execution environment for operating systems.
Another major concern in secure execution of code is the widespread use of “unsafe” programming languages such as C and C++ instead of more secure languages such as object-oriented Java and structured, object-oriented C#.

Secure Communications 

As opposed to having managed, secure communications among the computing resources internal to an organization, movement of applications to the cloud requires a reevaluation of communications security. These communications apply to both data in motion and data at rest.

Secure cloud communications involves the structures, transmission methods, transport formats, and security measures that provide confidentiality, integrity, availability, and authentication for transmissions over private and public communications networks. Secure cloud computing communications should ensure the following: 

 Confidentiality — Ensures that only those who are supposed to access data can retrieve it. Loss of confidentiality can occur through the intentional release of private company information or through a misapplication of network rights. Some of the elements of telecommunications used to ensure confidentiality are as follows:

               Network security protocols
               Network authentication services  
               Data encryption services 

 

 Integrity — Ensures that data has not been changed due to an accident or malice. Integrity is the guarantee that the message sent is the message received and that the message is not intentionally or unintentionally altered. Integrity also contains the concept of non-repudiation of a message source. Some of the constituents of integrity are as follows:
               Firewall services
               Communications Security Management 
               Intrusion detection services 

 Availability — Ensures that data is accessible when and where it is needed, and that connectivity is accessible when needed, allowing authorized users to access the network or systems. Also included in that assurance is the guarantee that security services for the security practitioner are usable when they are needed. Some of the elements that are used to ensure avail- ability are as follows:

•        Fault tolerance for data availability, such as backups and redundant disk systems
  
•        Acceptable logins and operating process performances
  
•        Reliable and inter-operable security processes and network security
            mechanisms
  

Virtual Machines

What is Virtual Machine? Discuss VMM in detail. 


A virtual machine (VM) is an operating system OS or application environment that is installed on software which imitates dedicated hardware. The end user has the same experience on a virtual machine as they would have on dedicated hardware.

  Figure 1: VMM high level architecture

 

 

 

 

 

 

 

 

 

 

 

 

 

VMM high level architecture 

A VMM implementation is made of various core components that are required for every VMM installation.

The following components are central to each VMM installation:

• VMM server
• VMM database
• VMM Windows PowerShell cmdlet interface
• VMM administrator console
• VMM library
• Managed virtualization hosts
• VMM Self-Service Portal 
• Managed virtualization managers [ Optional ]
• OpsMgr management packs for monitoring, reporting and PRO [Optional] 

Managed virtualization managers and OpsMgr are optional components.

VMM Server and VMM Database 

The VMM server contains the core Windows service that includes VMM engine. The VMM database can reside either locally on VMM server or on a remote database server.

VMM Administrator Console 

It is main user interface for managing a virtualized infrastructure using VMM.
Administartor Console has five main views and one optional view :

1. Host view 
2. virtualized machines view 
3. Jobs view
4. Library view
5. Administration view
6. Reporting view [optional]

 

  

 


 

Trusted cloud computing

Define trusted cloud computing with suitable examples 

The trusted cloud computing platform (TCCP) provides a closed box execution environment by extending the concept of trusted platform to an entire IaaS backend. The TCCP guarantees the confidentiality and the integrity of a user’s VM, and allows a user to determine up front whether or not the IaaS enforces these properties.

Figure 1 : The components of the trusted cloud computing platform include a set of trusted nodes (N) and the trusted coordinator (TC). The untrusted cloud manager (CM) makes a set of services available to users. The TC is maintained by an external trusted entity (ETE).

TCCP enhances today’s IaaS backends to enable closed box semantics without substantially changing the architecture (Figure 1). The trusted computing base of the TCCP includes two components: a trusted virtual machine monitor (TVMM), and a trusted coordinator (TC).
Each node of the backend runs a TVMM that hosts customers’ VMs, and prevents privileged users from inspecting or modifying them. The TVMM protects its own integrity over time, and complies with the TCCP protocols. Nodes embed a certified TPM chip and must go through a secure boot process to install the TVMM.
The TC manages the set of nodes that can run a customer’s VM securely. We call these nodes trusted nodes. To be trusted, a node must be located within the security perimeter, and run the TVMM. To meet these conditions, the TC maintains a record of the nodes located in the security perimeter, and attests to the node’s platform to verify that the node is running a trusted TVMM implementation. The TC can cope with the occurrence of events such as adding or removing nodes from a cluster, or shutting down nodes temporarily for maintenance or upgrades. A user can verify whether the IaaS service secures its computation by attesting to the TC.

To secure the VMs, each TVMM running at each node cooperates with the TC in order to 1) confine the execution of a VM to a trusted node, and to 2) protect the VM state against inspection or modification when it is in transit on the network. The critical moments that re- quire such protections are the operations to launch, and migrate VMs. In order to secure these operations, the TCCP specifies several protocols.
We assume an external trusted entity (ETE) that hosts the TC, and securely updates the information provided to the TC about the set of nodes deployed within the IaaS perimeter, and the set of trusted configurations. Most importantly, sysadmins that manage the IaaS have no privileges inside the ETE, and therefore cannot tamper with the TC. We envision that the ETE should be maintained by a third party with little or no incentive to collude with the IaaS provider e.g., by independent companies analogous to today’s certificate authorities like VeriSign. 

Security Issues: Public, Private and Hybrid Cloud Computing

Model	Security issues	Cost issues	Control issues	Legal issues
Public	i) Least secure ii)Multi- tenancy iii)Transfers over the net	Setup: Highest Usage: lowest (pay for what you use)	Least control	Jurisdiction of storage
Private	Most secure	i) Setup: High ii)New operational processes are required	Most control	--
Hybrid	Control of security between Private and Public clouds	--	Least control	Jurisdiction of storage

 Security Issues In PUBLIC CLOUD
 
Public clouds are hardened through continual hacking attempts.
 
 1. Assessment of cloud service provider


Cloud service provider (CSP) should hold industry necessary certifications such as
 the SAS 70 Type II.


2. Security of the communication channels

As data can be accessed from multiple devices like mobile, laptop or thin client all the communication should be protected using encryption and key management.
 
3. Transparency of security processes 
 
Cloud service providers may not be able to explain their security processes for their own security reasons.
 
4. Compliance with regulations 

• Payment Card Industry Data Security Standard (PCI DSS)
• Health Insurance Portability and Accountability Act (HIPAA)
• Sarbanes-Oxley Act (SOA)
• Proper implementation of the CIA triad (Confidentiality, Integrity, Assurance)
• Geographical borders - The location of the customer’s data is significant. To safe guard server failure Public Cloud service providers will typically implement strong data replication mechanisms. This means that the customer’s data might be distributed across the globe in various geographies. This would conflict with the customer’s need/requirements to keep their data within a specified border(Microsoft Corporation,2011 

5. Potential of single security failure

During 2011 a new report from Privacy Rights Clearinghouse (PRC) says that companies must place on creating” straight privacy and security polices” as well as data holding polices. Also businesses could avoid “violates” simply by properly encrypting all sensitive information. Also we have to note that if encrypted data gets lost or stolen, it will not count ina data failure. 

6. Data loss : cross-tenat data leakage 

Weaknesses of shared network infrastructure components, such as weaknesses in a DNS server, Dynamic Host Configuration Protocol, and IP protocol weaknesses, may be enabled network-based cross-tenant attacks in an IaaS infrastructure.

Security Issues In PRIVATE CLOUD 

Private Clouds have the same security concerns as public Clouds. However, there are some specific security issues towards this Private Cloud model.As per the social TechNet articles the areas where IT decision makers have bear in mind with implementation of private cloud, are legality, data protection and compliance.

 

1. Security Control 

The organizations those who are using private cloud infrastructure should need to ensure that effective control of the new environment. The private cloud management architecture should enable management to view security aspects of the environment and show the current threat levels to the organization. The control oversight is to be provided through a web based dashboard that translates the security issues into understandable languages. 

2. Compliance 

Organizations such as health and financial operations fall under the auspices range of agreement requirements and regulations. With international organization it is possible that moving to private cloud different set of regulations may be followed by different countries to access data.

Security Issues In HYBRID CLOUD

1. Absence of data redundancy
 
Problems are inevitable for any cloud providers even though they took best efforts. Hybrid cloud is a complex system. That management has limited experience in managing and that creates great risk. Cloud architects need redundancy across data centers to moderate the impact of an outage in a single data center. A lack of redundancy can become a serious security risk in hybrid cloud, specifically if redundant copies of data are not distributed across data centers. It's easier to move virtual machine (VM) instances between data centers than between large data sets.
Cloud architects can implement redundancy using multiple data centers from a single provider or multiple public cloud providers or a hybrid cloud when you improve business continuity with a hybrid cloud, that shouldn't be the only reason to implement this model. You could save costs and attain similar levels of risk mitigation using multiple data centers from a single cloud provider. 

2. Compliance

In a hybrid cloud maintaining and demonstrating compliance are more difficult. Not only you have to ensure that your public cloud provider and private cloud are in compliance, but you also must demonstrate that the means of coordination between the two clouds is compliant.
For example if your company works with payment card data, you may be able to demonstrate that both your internal systems and your cloud provider are compliant with the Payment Card Industry Data Security Standard (PCI DSS). You have to ensure that the data moving between two clouds is protected with the introduction of a hybrid cloud..
In addition to that you'll need to ensure that card data is not transferred from a compliant database on a private cloud to a less secure storage system in a public cloud. Also the methods you use to prevent a leak on an internal system may not directly translate to a public cloud. 

3. Poorly constructed SLAs

You have to be very confident that your public cloud provider can consistently meet expectations detailed in the service- level agreement (SLA. Ascertain your private cloud live up to that same SLA. If not, you may need to create SLAs based on expectations of the lesser of the two clouds and that may be your private cloud.Collect data on your private cloud's availability and performance and look for potential problems with integrating public and private clouds that could disrupt service. For example, if a key business driver for the private cloud is keeping sensitive and confidential data on-premises, then your SLA should reflect the limits to which you can use public cloud for some services. 

4. Risk management
 
Information security is very difficult to manage risk for a business perspective. Cloud computing (hybrid cloud in particular) uses new application programming interfaces (APIs), requires complex network configurations, and pushes the limits of traditional system administrators' knowledge and abilities.These factors introduce new types of threats. 

5. Security management
 
The existing security controls such as authentication, authorization and identity management should work in both the private and public cloud. To integrate these security protocols, we have one of two options: Either replicate controls in both clouds and keep security data synchronized, or use an identity management service that provides a single service to systems running in either cloud. Allocate sufficient time during your planning and implementation phases to address what could be fairly complex integration issues.

• 
  
• 
  
• 
  

0. 
   

Parallel architectures and Row oriented vs colum oriented approach

Parallel Architectures

Parallel or concurrent operation has many different forms within a computer system. Using a model based on the different streams used in the computation process, we represent some of the different kinds of parallelism available. A stream is a sequence of objects such as data, or of actions such as instructions. Each stream is independent of all other streams, and each element of a stream can consist of one or more objects or actions. We thus have four combinations that describe most familiar parallel architectures:

1. (1)  SISD: single instruction, single data stream. This is the traditional uni- processor.
   
2. (2)  SIMD: single instruction, multiple data stream. This includes vector processors as well as massively parallel processors.
   
3. (3)  MISD: multiple instruction, single data stream. These are typically systolic arrays.
   
4. (4)  MIMD: multiple instruction, multiple data stream. This includes traditional multiprocessors as well as the newer networks of workstations.
   

Each of these combinations characterizes a class of architectures and a corresponding type of parallelism. 

Column Based Vs Row Based architecture

Sr No	Column Based	Row Based
1	A column oriented DBMS is a database management system that stores its content by column rather than the row.	A row oriented DBMS is a database management system that stores its content by row rather than the column.
2	Most data warehouse applications use only a few columns from a table during a typical single access, the resulting bandwidth savings can be substantial.	Whole row needs to be accessed
3	Column-based relational databases, on the other hand, have been de-signed from the ground up with that specify goal in mind.	Conventional approaches to data warehousing use traditional relational databases. How-ever, these were originally designed to sup-port transaction processing (OLTP) and do not have an architecture specifically designed for supporting queries.
4	Column-based approaches make complex queries feasible precisely because they opti-mise the capability of the warehouse in all of these other areas.	Complex queries tend to be slow or, in some cases, simply not achievable, not because of their complexity per se but because they com-bine elements of unpredictable queries and time-based or quantitative/qualitative queries and they frequently require whole table scans.
5	Because there is more data held within a specific space you can read more data with a single I/O, which means fewer I/Os per query and therefore better performance. Of course, the better the compression the greater the performance improvement and the smaller the overall warehouse, with all of the cost benefits that that implies.	Column based offer better performance than row based
6	The chief disadvantage of columnar databases is that they perform less satisfactorily in terms of import, export, bulk reporting and the efficient use of computer resources than do RDBMSs when required to carry out transactional processes.	Better for transactional processes.

HBase

HBase is a data model that is similar to Google’s big table designed to provide quick random access to huge amounts of structured data.

Features

• Linear and modular scalability.
• Strictly consistent reads and writes.
• Automatic and configurable sharding of tables
• Automatic failover support between RegionServers.
• Convenient base classes for backing Hadoop MapReduce jobs with Apache HBase tables.
• Easy to use Java API for client access.
• Block cache and Bloom Filters for real-time queries.
• Query predicate push down via server side Filters
• Thrift gateway and a REST-ful Web service that supports XML, Protobuf, and binary data encoding options
• Extensible jruby-based (JIRB) shell
• Support for exporting metrics via the Hadoop metrics subsystem to files or Ganglia; or via JMX 

HBase Architectural Components

Physically, HBase is composed of three types of servers in a master slave type of architecture. Region servers serve data for reads and writes. When accessing data, clients communicate with HBase RegionServers directly. Region assignment, DDL (create, delete tables) operations are handled by the HBase Master process. Zookeeper, which is part of HDFS, maintains a live cluster state.
The Hadoop DataNode stores the data that the Region Server is managing. All HBase data is stored in HDFS files. Region Servers are collocated with the HDFS DataNodes, which enable data locality (putting the data close to where it is needed) for the data served by the RegionServers. HBase data is local when it is written, but when a region is moved, it is not local until compaction.
The NameNode maintains metadata information for all the physical data blocks that comprise the files.

Map Reduce Model

Map Reduce model with example

The MapReduce programming model is clearly summarized in the following quote: 

“The computation takes a set of input key/value pairs, and produces a set of output key/value pairs. The user of the MapReduce library expresses the computation as two functions: map and reduce.
Map, written by the user, takes an input pair and produces a set of inter- mediate key/value pairs. The MapReduce library groups together all in- termediate values associated with the same intermediate key I and passes them to the reduce function.
The reduce function, also written by the user, accepts an intermediate key I and a set of values for that key. It merges together these values to form a possibly smaller set of values. Typically just zero or one output value is produced per reduce invocation. The intermediate values are supplied to the user’s reduce function via an iterator. This allows us to handle lists of values that are too large to fit in memory.” 

We also quote an example including pseudo-code:
”Consider the problem of counting the number of occurrences of each word in a large collection of documents. The user would write code similar to the following pseudo-code: 

map(String key, String value):
 // key: document name
 // value: document contents
 for each word w in value:

  EmitIntermediate(w, "1");

reduce(String key, Iterator values):
 // key: a word
 // values: a list of counts
 int result = 0;

 for each v in values:
  result += ParseInt(v);
 Emit(AsString(result));

The map function emits each word plus an associated count of occurrences (just ‘1’ in this simple example). The reduce function sums together all counts emitted for a particular word.” 

GFS vs HDFS

Cloud File System

Cloud file storage (CFS) is a storage service that is delivered over the Internet, billed on a pay-per-use basis and has an architecture based on common file level protocols such as Server Message Block (SMB), Common Internet File System (CIFS) and Network File System (NFS).

Difference between GFS and HDFS

Property	DFS	HDFS
Design Goals	  The main goal of GFS is to support large files        Built based on the assumption that terabyte data sets will be distributed across thousands of disks attached to commodity compute nodes.        Used for data intensive computing .        Store data reliably, even when failures occur within chunk servers, master, or network partitions.        GFS is designed more for batch processing rather than interactive use by users.	  One of the main goals of HDFS is to support large files.        Built based on the assumption that terabyte data sets will be distributed across thousands of disks attached to commodity compute nodes.        Used for data intensive computing .        Store data reliably, even when failures occur within name nodes, data nodes, or network partitions.        HDFS is designed more for batch processing rather than interactive use by users.
Processes	 Master and chunk server	 Name node and Data node
File Management	  Files are organized hierarchically in directories and identified by path names.        GFS is exclusively for Google only.	  HDFS supports a traditional hierarchical file organization        HDFS also supports third-party file systems such as CloudStore and Amazon Simple Storage Service.
Scalability	  Cluster based architecture        The file system consists of hundreds or even thousands of storage machines built from inexpensive commodity parts.        The largest cluster have over 1000 storage nodes, over 300 TB of disk storage, and are heavily accessed by hundreds of clients on distinct machines on a continuous basis.	Cluster based architecture        Hadoop currently runs on clusters with thousands of nodes.        E.g. Face book has 2 major clusters: - A 1100-machine cluster with 8800 cores and about 12PB raw storage. - A 300-machine cluster with 2400 cores and about 3PB raw storage. - Each (commodity) node has 8 cores and 12 TB of storage.        EBay uses 532 nodes cluster (8*532 cores, 5.3PB)        Yahoo uses more than 100,000 CPUs in >40,000 computers running Hadoop - biggest cluster: 4500 nodes(2*4cpu boxes w 4*1TB disk & 16GB RAM)          K.Talattinis et.al concluded in their work that Hadoop is really efficient while running in a fully distributed mode, however in order to achieve optimal results and get advantage of Hadoop scalability, it is necessary to use large clusters of computers
Protection	 Google have their own file system called GFS. With GFS, files are split up and stored in multiple pieces on multiple machines.  Filenames are random (they do not match content type or owner). There are hundreds of thousands of files on a single disk, and all the data is obfuscated so that it is not human readable. The algorithms uses for obfuscation changes all the time	  The HDFS implements a permission model for files and directories that shares much of the POSIX model.   File or directory has separate permissions for the user that is the owner, for other users that are members of the group, and for all other users
Security	Google has dozens of datacenters for redundancy. These datacenters are in undisclosed locations and most are unmarked for protection.        Access is allowed to authorized employees and vendors only. Some of the protections in place include: 24/7 guard coverage, Electronic key access, Access logs, Closed circuit televisions, Alarms linked to guard stations, Internal and external patrols, Dual utility power feeds and Backup power UPS and generators	  HDFS security is based on the POSIX model of users and groups.        Currently is security is limited to simple file permissions.        The identity of a client process is just whatever the host operating system says it is.        Network authentication protocols like Kerberos for user authentication and encryption of data transfers are yet not supported
Database Files	Bigtable is the database used by GFS. Bigtable is a proprietary distributed database of Google Inc.	HBase provides Bigtable (Google) -like capabilities on top of Hadoop Core.
File Serving	A file in GFS is comprised of fixed sized chunks. The size of chunk is 64MB. Parts of a file can be stored on different nodes in a cluster satisfying the concepts load balancing and storage management.	HDFS is divided into large blocks for storage and access, typically 64MB in size. Portions of the file can be stored on different cluster nodes, balancing storage resources and demand
Cache Management	  Clients do cache metadata.        Neither the sever nor the client caches the file data.        Chunks are stored as local files in a Linux system. So, Linux buffer cache already keeps frequently accessed data in memory. Therefore chunk servers need not cache file data.	  HDFS uses distributed cache        It is a facility provided by Mapreduce framework to cache application-specific, large, read-only files (text, archives, jars and so on)        Private (belonging to one user) and Public (belonging to all the user of the same node) Distributed Cache Files
Cache Consistency	Append-once-read-many model is adapted by Google. It avoids the locking mechanism of files for writing in distributed environment is avoided.        Client can append the data to the existing file.	HDFS’s write-once-read-many model that relaxes concurrency control requirements, simplifies data coherency, and enables high throughput access.        Client can only append to existing files (yet not supported)
Communication	  Chunk replicas are spread across the racks. Master automatically replicates the chunks.        A user can specify the number of replicas to be maintained.   The master re-replicates a chunk replica as soon as the number of available replicas falls below a user-specified number.	Automatic replication system.        Rack based system. By default two copies of each block are stored by different Data Nodes in the same rack and a third copy is stored on a Data Node in a different rack ( for greater reliability).      An application can specify the number of replicas of a file that should be maintained by HDFS .        Replication pipelining in case of write operations.
Available Implementation	GFS is a proprietary distributed file system developed by Google for its own use.	Yahoo, Facebook, IBM etc. are based on HDFS.