Article title
Security Prospects through Cloud Computing by Adopting Multiple Clouds
Table of contents
Introduction
Cloud security issues, problems and challenges
Cloud security prospects
Case studies
Conclusion
Excerpt from the article
Partitioning of the application system into different tiers
To reduce the risk of undesired data leakage and intrusion caused by flaws in the application logic, it has been proposed to separate the tiers of the application system and assign them to distinct clouds (Figure 2). In the event of an application flaw, the data are immediately exposed to risk, because they are physically separated and protected by an independent access control scheme.
Keywords:
Security Prospects through Cloud Computing by Adopting Multiple Clouds

Meiko Jensen, Jörg Schwenk
Chair for Network and Data Security, Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany
{meiko.jensen, joerg.schwenk}@rub.de

Jens-Matthias Bohli, Nils Gruschka
NEC Laboratories Europe, Heidelberg, Germany
{bohli, gruschka}@neclab.eu

Luigi Lo Iacono
European University of Applied Sciences, Brühl, Germany
l.lo iacono@eufh.de

Abstract—Clouds impose new security challenges, which are amongst the biggest obstacles when considering the usage of cloud services. This triggered a lot of research activities in this direction, resulting in a quantity of proposals targeting the various security threats. Besides the security issues coming with the cloud paradigm, it can also provide a new set of unique features which open the path towards novel security approaches, techniques and architectures. This paper initiates this discussion by contributing a concept which achieves security merits by making use of multiple distinct clouds at the same time.

Keywords-Cloud; Security; Intercloud; Application Partitioning; Tier Partitioning; Multi-party Computation

I. INTRODUCTION

Cloud computing offers dynamically scalable resources provisioned as a service over the Internet. The third-party, on-demand, pay-per-use and seamlessly scalable computing resources and services offered by the cloud paradigm promise to reduce capital as well as operational expenditures for hardware and software. Recent figures published by the pioneering cloud service providers show that this has been recognized and partially already adopted by cloud users [1]. At the end of the fourth quarter of 2009, 102 Billion objects have been stored in Amazon’s Simple Storage Service (S3) [5]. At the end of the fourth quarter of 2010, the number of objects stored in S3 grew by 257% to 262 Billion. Thus, the cloud is a successful business model, and it is foreseen to remain important in the future [2].
As one consequence of this success, the number of cloud service providers offering cloud services increased so that cloud users now have a rich set of services to choose from. In the following some prominent examples will be named while further introducing cloud foundations.

One way of categorizing clouds takes the physical location from the viewpoint of the user into account [3]. A Public Cloud is offered by third-party service providers and involves resources outside the user’s premises. In case the cloud system is installed on the user’s premise—usually in the own data center—this setup is called Private Cloud. A hybrid approach is denoted as Hybrid Cloud. This paper will concentrate on Public Clouds, since these services demand for the highest security requirements but also—as this paper will start arguing—includes high potential for security prospects.

Another categorization depends on the type of resources or services delivered by the cloud and distinguishes three distinct layers [3].

Infrastructure-as-a-Service (IaaS) is the name for cloud environments that provide their users with basic infrastructure facilities including CPU, memory, and storage instances. These infrastructure components are operated and maintained by the IaaS provider. The most prominent examples of this type of cloud services are Amazon’s Elastic Compute Cloud (EC2) [4], the aforementioned Amazon’s Simple Storage Service (S3) [5], Savvis Symphony [6], and RackSpace Cloud [7].

Platform-as-a-Service (PaaS) describes a platform delivery model. Here, the cloud provider offers specific runtime environments to be used in the user’s own application contexts. Examples would be providing database services or specific application runtime environments. On top of these platforms, the cloud user is able to implement and operate own applications. Hence, the PaaS provider is responsible for providing the hardware and the particular platform (including update management and bug fixing), and the cloud user is responsible for the specific implementations that use the given platform APIs. Examples for PaaS offerings are Google’s App Engine [8] for Web application development, Microsoft SQL Azure [9] for databases, and Cloudscale [10] for real-time data analysis tasks.

Software-as-a-Service (SaaS) refers to the approach of providing a full software application most commonly via browser-based techniques. Here, the cloud provider is responsible for all parts of the application stack: hardware, operating system, application runtime, and the software implementation itself. The cloud users in this scenario are humans that interact with the cloud services via browser interfaces. Popular examples include Salesforce for a Customer Relationship Management (CRM) system [11] and the provisioning of office suites by Google [12] and Zoho [13].

All of the three layers share the commonality that the end-