Table of Contents
- Overview of cloud computing
- Benefits of cloud computing
- Distributed application framework over clouds
- Limitations of cloud computing
- Proposed solutions to the attack problems
Cloud computing has developed as a novel technology capable of using the Internet to host and deliver services. The technology has been assimilated by various businesses since it eliminates the requirement for users to plan ahead for functions such as provisioning. The technology allows enterprises to increase resources only when there is demand for the service. Even though cloud computing offers many benefits, it is still in its early stages, leaving many issues to be addressed. This paper will give a survey of cloud computing as a whole, touching on its key concepts, architectural principles, and its state-of-the-art implementation.
Emerging information technologies have fully transformed the way businesses, institutions, and governments operate. The technologies have come along with high levels of efficiency and reliability, significantly cutting the operational costs of the users. Vendors of these technologies have taken advantage of this adoption and have engaged in competition with each other, much of which benefits the end user. Cloud computing is one of the latest technologies. Cloud computing is better viewed as a model, bringing together a combination of existing technologies that facilitate the running of businesses in a different and better way. Examples of such technologies include virtualization and utility-based pricing, which have been in the market for quite some time.
Cloud computing combines these technologies to cater for the increased technological and economic requirements of the current field of information technology. Cloud computing is a model that offers convenient access to a large pool of shared configurable computing resources, which can be shared with the least management effort since they are only released on demand. The resources include servers, networks, services, storage, and applications. Amazon, Google, and Microsoft are the largest vendors of cloud computing. The technology has been necessitated by the rapidly increasing need for processing and storage of data. The Internet has made it possible to develop such a technology. In cloud computing, resources such as CPU and storage are categorized as general utilities that can be hired out to other users through the Internet, in a fashion known as on-demand. In this technology, there are infrastructure providers who are tasked with the management and leasing out of the cloud platforms (Zhang, Cheng & Boutaba, 2010).
There are also service providers, who, on the other hand, rent resources from the infrastructure providers to serve the end users. This paper will go into the details of cloud computing technology, focusing on its state-of-the-art, benefits, and its future.
Overview of Cloud Computing
Cloud computing is related to various technologies such as grid computing, utility computing, autonomic computing, and virtualization.
Grid computing is a computing model that facilitates coordination of networked resources to realize a common computational objective. Just like grid computing, cloud computing uses distributed resources to achieve computational objectives at the application level. Cloud computing is, however, more advanced since it leverages virtualization technologies at both hardware and application platforms to facilitate resource sharing and dynamic provisioning of resources (Zhang, Cheng & Boutaba, 2010).
Utility computing, on the other hand, avails resources on-demand and charges the customers based on usage rather than on a flat rate. Cloud computing is related to utility computing in that it also adopts a utility-based pricing scheme. This allows service providers to maximize true utilization of resources and at the same time minimize operational costs (Zhang, Cheng & Boutaba, 2010).
Virtualization is a technology that provides virtualized resources for high-level usage. This technology is the basis of cloud computing since it allows pooling of computing resources from distributed servers and effectively assigns and reassigns virtual resources to applications as demanded (Zhang, Cheng & Boutaba, 2010).
Autonomic computing is another technology that builds computing systems which can manage themselves. The goal of autonomic computing is to eliminate the problem of managing the complexity of computer systems. Cloud computing also contains some autonomic features but is dedicated to lowering the costs of resources rather than reducing the complexity of the computer systems (Zhang, Cheng & Boutaba, 2010). Cloud computing, therefore, uses virtualization technology to provide computing resources as a utility. It has certain aspects of grid and autonomic computing, though it differs from them in other aspects (Zhang, Cheng & Boutaba, 2010).
Benefits of Cloud Computing
Cloud computing offers solutions to many of the problems faced by businesses. These solutions are discussed here as the benefits of the cloud technology. Cloud computing requires no up-front investment, simply because it uses a pricing model called pay-as-you-go. This means the service provider does not need to make investments in the infrastructure in order to gain from cloud computing. Resources are rented from the cloud depending on the needs, and payment is made according to the usage (Velte & Elsenpeter, 2009).
The technology has also solved the problem of scalability. It is highly scalable, and pooled resources from data centers are made easily accessible. Depending on the demand, the service provider can easily expand the service to large scales so as to handle the high demands. This type of model is called surge computing (Velte & Elsenpeter, 2009).
Cloud computing also lowers operational cost. In a cloud computing milieu, resources are allocated and de-allocated on demand. This saves the service provider the cost of providing capacities as per the peak load. As a result, huge savings are made on the operational costs when demand for the service is low. Moreover, cloud computing offers easy accessibility to services. This is because the services in the cloud are based on the web. The services can, therefore, be easily accessed via different devices, such as cell phones, PDAs, laptop and desktop computers provided they are linked to the Internet (Velte & Elsenpeter, 2009).
Use of cloud computing also reduces risks and unnecessary expenses of maintenance by the service provider. The service provider outsources the service infrastructure to the clouds, shifting the business risks such as hardware failures to the infrastructure providers. The infrastructure providers have better expertise and are well equipped in the management of such risks. The service provider can additionally reduce the hardware maintenance and the costs on staff training (Velte & Elsenpeter, 2009).
Cloud computing utilizes various state-of-the-art technologies. Discussed below are the technologies used in cloud computing environments, starting with the architectural design of data centers. It is impossible to discuss cloud computing without investigating data centers, which form a central part of cloud computing. A data center contains several devices like servers, routers, and switches. The network of these devices is carefully arranged to realize the maximum performance of the applications in the distributed computing environment. Other factors such as scalability and resilience have to be carefully considered in the network. The largest data centers currently use a layered approach. The layers of the data center are the core, aggregation, and access layers. In the access layer, servers are physically connected to the network. The servers are each connected to access switches with a link of 1 Gbps. Access switches, on the other hand, connect to two aggregation switches for redundancy with 10 Gbps links. The aggregation layer provides functions such as domain service, location service, and server load balancing. Connectivity to multiple aggregation switches is facilitated by the core layer, which also provides a resilient routed fabric without points of failure. Management of traffic in and out of the data center is facilitated by core routers. Such a network allows the data center network architecture to achieve the following objectives (Zhang, Cheng & Boutaba, 2010).
The first objective is uniform high capacity. Assignment of servers to a service should not be dependent on the network topology. A host in the data center should be able to communicate with other hosts in the network at the full bandwidth of its local network interface. A proper network architecture should also meet the objective of allowing free VM migration. Virtualization should allow migration of a VM (virtual machine) from one physical machine to another. In cloud computing, migration of VMs may be done for statistical multiplexing or dynamic change of communication patterns so as to acquire a high bandwidth for tightly coupled hosts or for achievement of variable heat distribution and power convenience in the data center. The communication topology should be designed to support rapid virtual machine migration (Zhang, Cheng & Boutaba, 2010).
The network should also meet the objective of resiliency so as to avoid failures, which are common at scale. An effective network should be fault-tolerant to avoid various types of server failures, server-rack failures or link outages. This should not, however, affect the underlying physical connectivity of the network (Zhang, Cheng & Boutaba, 2010).
Scalability is another important objective to be met. The network infrastructure should be able to scale to a large number of servers in readiness for incremental expansion. Backward compatibility is another important objective to be considered in the design of a network infrastructure. The network infrastructure should be fully compatible with the routers and switches which run Ethernet and IP. Existing data centers have both IP and Ethernet based devices and should, therefore, be assimilated in the new architecture without major modifications (Zhang, Cheng & Boutaba, 2010).
Distributed Application Framework Over Clouds
Modern data centers have adopted clusters of servers for use in computation and data-intensive jobs such as film animation. Google has introduced MapReduce, which is software for supporting distributed computing on large data sets on clusters of computers. The software has inspired the Hadoop MapReduce project, which has seen many organizations using it to run large data-intensive computations (Armbrust et al., 2010).
There are various commercial products of cloud computing that have been introduced into the market by various dealers. One such product is the Amazon EC2 (Elastic Compute Cloud), from Amazon Web Services (AWS). This set of cloud services provides cloud-based computation and storage, enabling organizations and individuals to deploy applications and services in an on-demand manner and at commodity prices. The Web Services offered by Amazon can be accessed over HTTP, using REST and SOAP protocols. Using the Amazon EC2, users can launch and manage server instances in data centers by using available tools and utilities or APIs. The EC2 instances allow users full control of the entire software stack, a feature which makes it difficult for Amazon to automatically scale resources. A secure bridge called Amazon Virtual Private Cloud (VPC) exists between a company’s existing infrastructure and the AWS cloud. Through the Amazon VPC, enterprises can connect their existing infrastructure to isolated AWS compute resources via a Virtual Private Network (VPN) connection. The enterprises can also extend their existing management capabilities such as security services, intrusion detection systems, and firewalls to include their AWS resources (Armbrust et al., 2010).
The Microsoft Windows Azure platform is another example of a cloud computing product. The platform consists of three components, each of which provides a specific set of services to the cloud users. The Windows-based platform runs applications and stores data on servers in data centers. For instance, SQL Azure offers data services in the cloud based on an SQL server, while .NET Services provide distributed infrastructure services to local applications and to applications that are cloud based. The Windows Azure platform can be used by applications running in the cloud and the ones running on local systems.
Google has also not been left out in the provision of cloud services. Google has App Engine, which is a platform for traditional web applications hosted in data centers managed by Google. The platform currently supports the Python and Java programming languages. Google deploys clusters for handling failovers, monitoring and launching of application instances as demanded. The current APIs support features such as storage and retrieval from BigTable non-relational databases, making HTTP requests, and caching. Amazon, Microsoft, and Google offer cloud solutions based on different levels of abstraction, and, therefore, users choose among these solutions depending on their specific business requirements.
Limitations of Cloud Computing
Since cloud computing is a combination of many technologies such as Web and virtualization, a vulnerability in any of these underlying technologies renders the Cloud insecure since it can easily be attacked. Despite the many advantages of cloud computing, security of the technology remains a major concern. Utilization of the Cloud infrastructure has limitations revolving around security, privacy and trust. From the perspective of both providers and end users, security is a significant issue. There are certain attributes of the Cloud which attackers can target to launch attacks whose consequences are difficult to detect or prevent in a public Cloud. Such attacks will affect more users and cause more losses of assets. The attributes of cloud computing include ubiquitous network access. Cloud consumers can access the resources and services provided by the cloud service provider (CSP) over the Internet or via conventional devices (Hofmann & Woods, 2010).
Multi-tenancy is another such attribute. Different consumers may have their virtual machines in a public IaaS cloud. Since these VMs may share the same physical server with other consumers’ VMs, there are lower resource usage costs as compared to traditional environments and private clouds. Multi-tenancy does not exist in a private cloud since there is only one consumer who utilizes the cloud resources. It is, nevertheless, a vital attribute in all public clouds (Hofmann & Woods, 2010).
Another attribute of cloud computing is off-premise infrastructure, whereby in a public Cloud, infrastructure is owned and taken care of by a third party and is located outside the consumer’s organization. Consequently, the consumer does not have physical control over his resources, and can only rely on the security measures provided by the CSP. This attribute is a major security concern for any cloud consumer.
Attackers can target any of the three attributes discussed above to execute their attacks. When an attack is executed in the cloud via exploitation of any of the cloud attributes, it means the attribute has contributed to increased motivation of attack and attack consequence. This makes detection and prevention of specific attacks more challenging in public environments as compared to non-cloud environments (Hofmann & Woods, 2010). Additionally, the attacks can be classified based on the notion of attack surfaces. The attacks can be on any of the three major participants in a cloud environment: services, users, and the cloud provider. Research has shown that there is a combination of six possible interactions in which an attack in the cloud exploits these surfaces (Mahmood, 2014).
Since cloud computing is built on three core technologies (web applications and services, virtualization, and cryptography), a vulnerability in these technologies is cloud-specific. Such a vulnerability is caused by NIST’s essential cloud characteristics and results from the inefficiency of the conventional security controls in the cloud.
Cloud security issues can be categorized into three groups: data security, virtualization, and application-related security. Each of these categories has its own threats. There are two types of threats: those arising from leased resources instead of owned ones, and those caused by having shared instead of dedicated resources. The first group of threats involves threats to infrastructure assembly, contractual threats, and jurisdiction and legal threats. The second group of threats, on the other hand, consists of threats from tenants and legal and jurisdictional threats (Chen, Paxson & Katz, 2010).
Consumer confidentiality may be infringed upon due to the multi-tenancy attribute common in public Clouds, which enables multiple VMs to share the physical machine. This raises the risk of a side-channel attack. Side-channel attacks consist of two main steps: placement and extraction. In the first step, the placement, the attacker tries to put his malicious virtual machine on the same physical machine as that of the target consumer. Research has shown that on an Amazon EC2 public cloud, chances of placing the malicious VM on the right physical machine can be increased. When the attacker manages to place the VM on the target, he moves forward to the next step of extracting confidential information via a cross-VM attack. This can be done through side channels which involve leaking information due to sharing of physical resources such as a CPU’s data cache. Another technique of leaking information is through cloud cartography. In this technique, the EC2 service can be used to make a well-calculated guess of the location of the potential target VMs (Chen, Paxson & Katz, 2010).
Proposed Solutions to the Attack Problems
Since security is the major concern of cloud computing systems, various solutions have been suggested to minimize the losses which can result from attacks. For instance, Amazon EC2 uses a mitigation technique to change the processor cores among VMs as a way of decreasing the chances of successful attacks. Another technique for reducing attacks is called HomeAlone. The technique allows a tenant to verify the residency of the physical machine on which their VMs are operating. This particularly happens when the tenant has purchased isolated resources from the CSP, but verification of the physical isolation of their VMs is needed. This technique uses an L2 memory as a defensive detection tool (Godfrey & Zulkernine, 2013).
The other proposed solution for mitigation of side-channel attacks includes obscuring the internal structure of the services and the VM placement policy. If CSPs embrace this solution, then the placement procedure will be complicated for an attacker. Another approach is minimizing the information that can be leaked once an attack occurs. Cache-based side-channel attacks can also be mitigated through a server-side approach, as proposed by Godfrey et al. This can be done by modifying the Xen hypervisor such that a cache flush occurs only when execution switches to a VM that can establish a side channel with the first (Godfrey et al., 2013). However, the best solution would be the one in which a consumer is allowed to utilize the resources of a physical machine exclusively. Even though this would come with high costs due to underutilization of the resources, the consumer will ensure such attacks do not occur (pp. 163-170).
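The selective cache flush described above can be compared with the two obvious alternatives by replaying a scheduler trace. This is an added illustration, not code from Godfrey and Zulkernine or from Xen: the VM and tenant names and the trace are constructed, the cache is modelled per core, and "can establish a side channel" is assumed to mean "belongs to a different tenant".

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data (hypothetical names): which tenant owns each VM.
VM_OWNER = {
    "vm-a1": "tenant-a", "vm-a2": "tenant-a",
    "vm-b1": "tenant-b", "vm-c1": "tenant-c",
}

# Constructed scheduler trace: (core id, VM given the core), in time order.
TRACE = [
    (0, "vm-a1"), (0, "vm-a2"), (0, "vm-b1"), (0, "vm-b1"),
    (1, "vm-c1"), (0, "vm-a1"), (1, "vm-c1"), (1, "vm-a2"),
]


@dataclass
class Core:
    current_vm: Optional[str] = None
    # Tenants whose cache lines may still be resident since the last flush.
    residue: set = field(default_factory=set)


def simulate(trace, owner, policy):
    """Replay a trace under 'never', 'always' or 'selective' flushing.

    Returns (flushes, exposures). An exposure is a context switch after
    which the incoming VM shares the cache with another tenant's residue.
    """
    if policy not in ("never", "always", "selective"):
        raise ValueError(f"unknown policy: {policy}")
    cores, flushes, exposures = {}, 0, 0
    for core_id, vm in trace:
        core = cores.setdefault(core_id, Core())
        if vm == core.current_vm:
            continue  # same VM keeps the core: no context switch
        incoming = owner[vm]
        previous = owner.get(core.current_vm)  # None on first scheduling
        if policy == "always":
            flush = previous is not None
        elif policy == "selective":
            # Assumption: only a VM of a different tenant can establish
            # a side channel with the VM that just ran.
            flush = previous is not None and previous != incoming
        else:
            flush = False
        if flush:
            core.residue.clear()
            flushes += 1
        if core.residue - {incoming}:
            exposures += 1
        core.residue.add(incoming)
        core.current_vm = vm
    return flushes, exposures


if __name__ == "__main__":
    for policy in ("never", "always", "selective"):
        print(policy, simulate(TRACE, VM_OWNER, policy))
```

On this trace the selective policy removes every cross-tenant exposure while skipping the flush on the one same-tenant switch, which is the saving over flushing on every switch.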
Cloud computing is one of the paradigms that has combined several technologies to form a model that has found application in many areas due to its numerous benefits. It operates by managing and delivering services over the Internet. Increased use of cloud computing has completely transformed the information technology industry, bringing utility computing into reality. However, the technology has been faced with a lot of challenges, especially on security and confidentiality issues. The current technologies of cloud computing have not yet matured enough for them to realize their full potential. Challenges include automatic resource provisioning, power management, and security problems. This shows that there is still an unexploited area of research. If these challenges are overcome, cloud computing can attain its full potential. Since the development of cloud computing is still at an infant stage, a lot of improvements are expected to come. The improvements will cover the state-of-the-art of the technology, including the architectural designs, various characteristics, and the key technologies involved. All in all, cloud computing remains a favorite for many even in its current stage.
- Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., … & Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.
- Chen, Y., Paxson, V., & Katz, R. H. (2010). What’s new about cloud computing security. University of California, Berkeley Report No. UCB/EECS-2010-5 January, 20(2010), 2010-5.
- Godfrey, M., & Zulkernine, M. (2013, June). A server-side solution to cache-based side-channel attacks in the cloud. In Cloud Computing (CLOUD), 2013 IEEE Sixth International Conference on (pp. 163-170). IEEE.
- Hofmann, P., & Woods, D. (2010). Cloud computing: the limits of public clouds for business applications. Internet Computing, IEEE, 14(6), 90-93.
- Mahmood, Z. (2014). Cloud computing: Challenges, limitations and R&D solutions.
- Velte, T., Velte, A., & Elsenpeter, R. (2009). Cloud computing, a practical approach. McGraw-Hill, Inc.
- Zhang, Q., Cheng, L., & Boutaba, R. (2010). Cloud computing: state-of-the-art and research challenges. Journal of internet services and applications, 1(1), 7-18.