Skip to content

6. Secure Storage, Virtualization, and Cloud Computing

Virtualization 1

  • Virtualization is the process of creating a software-based, or virtual, representation of something, such as virtual applications, servers, storage, and networks. In other words, it is the process of simulating hardware and software in a virtual software environment.
  • Hypervisor:
    • It is software that creates and runs virtual machines.
    • It is also known as a virtual machine monitor (VMM).
    • It allocates and controls the sharing of machine resources such as memory, CPU, and storage.
  • Hypervisor types:
    • Type 1 (Bare Metal):
      • It runs directly on the host’s hardware to control the hardware and manage guest operating systems.
      • It expects no other operating system to be running on the host computer.
      • Examples: VMWare ESXi, Citrix XenServer, Microsoft Hyper-V, and KVM.
      • Resources must be pre-allocated to the virtual machines that run on the hypervisor, and then the OS and applications are installed on every VM.
      • Each VM is isolated from the others and has its own OS and applications.
      • Usually used in enterprise data centers.
    • Type 2 (Hosted):
      • It is installed on top of the host operating system.
      • It runs on a conventional operating system just as other computer programs do.
      • It intermediates between VMs and the host operating system and has no direct access to the hardware.
      • Each VM has a Guest OS that runs on the hypervisor, which in turn runs on the host OS.
      • It is often used for testing and development purposes on personal computers.
      • Examples: Oracle VM VirtualBox, Microsoft Virtual PC, and VMWare Workstation.

Virtualization Security in Cloud Computing 2

  • Depending on the degree and level of virtualization, there are:
    • Software virtualization.
    • Hardware virtualization.
    • Full virtualization.
    • Para-virtualization.

Security threats to virtualization in cloud computing

  • Threats during VM migration:
    • Migration means moving a VM from one physical host to another physical host.
    • Reasons for migrations: load balancing, fault tolerance, and maintenance.
    • Hot migration is done without shutting down the VM.
    • During the migration, VM content is moved through the network which exposes the VM to network attacks.
    • Threats: Data privacy and integrity loss, and data leakage.
  • Virtual machine escape attack:
    • In theory, VMs are isolated from each other and the host system.
    • In this attack, a VM program can bypass restrictions and run directly on the host system.
  • Rootkit attack:
    • It is a type of malware that is designed to gain administrative control over a computer system without being detected.
    • It can be installed on the host system or on a VM.
    • It is usually combined with other attacks such as Trojans and back doors.
    • Rootkit hides information by loading special drivers and modifying the system kernel.
  • Denial of Service (DoS) attack:
    • It is a VM that tries to get all available resources on the host system, which can cause a DoS attack on the host or other VMs.
  • Virtual machine monitor (hypervisor) problems:
    • If the hypervisor is compromised, all VMs running on it are also compromised.
    • If an attacker gains control over the hypervisor, they can control all VMs running on it.
  • Decoupling attacks on virtualization platforms:
    • In traditional single-server systems, the operating system and the hardware are tightly coupled and there are fewer possibilities for vulnerabilities.
    • In virtualized systems, the hypervisor decouples the operating system from the hardware, which increases the attack surface.
    • Every VM has its own set of vulnerabilities, and the hypervisor has its own set of vulnerabilities.
    • Although isolated, one vulnerable VM can make the entire system vulnerable.

Countermeasures for virtualization security problems in cloud computing

  • Security Regime of Hypervisor:
    • Improving the security of the hypervisor is crucial as it affects all VMs running on it.
    • Build lightweight hypervisors with fewer features to reduce the attack surface.
    • Protect the integrity of the hypervisor by using trusted computing technology.
    • Improve the defenses of the hypervisor by using virtual firewalls and limits on resource sharing.
  • Virtual machine security isolation:
    • VMs should run independently and not interfere with each other.
    • Use Security Memory Management (SSM) to encrypt data in memory using SSM controllers.
    • Use Security I/O Management (SIOM).
  • Virtual machine access control:
    • Reduce the risk of hidden information flow between VMs.
    • Better control over resource use and event sharing within VMs.
    • Use security models such as sHype, Chinese Wall, and BLP.
  • Virtual machine security monitoring:
    • Use VM introspection to monitor the behavior of VMs.
    • Put the monitoring module in the hypervisor as opposed to the VM to ensure that all logs are monitored.
  • Virtual trusted computing technology:
    • Use trusted computing technology to ensure the integrity of the hypervisor and VMs.

The Future of Data Storage Technologies 3

  • New data protection requirements from the government, like HIPAA regulations and data privacy laws, can add significant costs to storage devices.
  • Customers demand large storage space (from vacation photos to gaming data), and security for their personal information.
  • Allying AI to data storage:
    • AI can be used for managing, optimizing, and automating various aspects of data storage.
    • AI automates tasks such as backup scheduling, data classification, and storage resource optimization.
    • AI can dynamically change storage configurations based on usage patterns.
  • Helium Drives:
    • Traditional hard drives of rotating disks are filled with air, air resistance increases energy consumption and heat generation.
    • Filling HDDs with helium reduces air resistance, which reduces energy consumption and heat generation.
    • The problem now is that helium can not be trapped in the disk as it tends to escape.
  • DNA Data Storage:
    • In 2012 Harvard researchers managed to encode DNA with digital data.
    • It is storage-dense, stable, and can last for thousands of years.
    • 2.2 petabytes of data can be stored in a single gram of DNA.
    • A tea-spoon-sized DNA dusk can store all the data in the world.
    • It is drawbacks include slow read and write speeds, and high costs.
  • Crystal Technology:
    • This method involves using lasers to encode data in microscopic structures within glass surfaces.
    • It is often referred to as 5D data storage.
  • Frozen Data:
    • A new method of storing that requires creating molecules that store data, the problem is those molecules are unstable at room temperature and they need to be stored in really low temperatures to work.
  • 5D Optical Data Storage:
    • 5D storage will imply terabytes of data being carved into tiny glass disks in multiple layers, with femtosecond laser writing.
  • Shingled Magnetic Recording (SMR):
    • It is a new technology that allows for higher storage density, with no need for new materials or manufacturing processes.
    • It is also environmentally friendly.

The Future of Cloud Computing 4

  • The first instance of sharing computing resources and forms the basis of cloud computing today was the time-sharing model in the 1960s.
  • Salesforce was the first company in 1999 to provide access to business applications via its website.
  • Amazon launched AWS in 2006 to provide cloud computing and storage services.
  • Global spending on public cloud products is growing at an annual rate of 20.4% and is likely to reach $600 billion in 2023.
  • 51% of IT spending in these markets will go toward public cloud solutions by 2025, up from 41% in 2022.
  • 65.9% of application software spending will go towards the cloud in 2025, increasing from 57.7% in 2022.
  • Trends:
    • Quantum Computing.
    • Edge Computing.
    • Secure Access Service Edge (SASE).
    • Cloud Regions.
    • Green Cloud.

Cloud Computing Characteristics and Services 5

  • CSP: Cloud Service Provider.
  • Comparison of cloud computing service models:
Model Scope Managed By Security Level
Public Cloud General public and industries Cloud service providers Low
Private Cloud Single organization Organization High
Community Model Multiple organizations who have shared policies and concerns Cloud providers or the organizations themselves Medium
Hybrid Cloud Public + organization Cloud providers Medium

Cloud Computing Service Models

  • Infrastructure as a Service (IaaS):
    • CSP provides virtualized computing resources over the internet.
    • Physical resources are logically virtualized by CSP and sold to customers on a pay-as-you-go basis.
    • Example: hiring raw empty EC2 instances from AWS.
  • Platform as a Service (PaaS):
    • CSP provides a platform (virtualized resources + main software) over the internet.
    • Physical resources are logically virtualized by CSP and then main software is installed on them, and later sold to customers.
    • CSP is in charge of managing and updating both the infrastructure and the main software on it.
    • Example: hiring a Database server from AWS: the customer hires a VM + OS + main software (DBMS), which are all managed by AWS.
    • Drawbacks:
      • Vendor lock-in: The customer is tied to the CSP’s platform and cannot easily migrate to another platform.
      • Limited flexibility: The customer is limited to the features and capabilities of the platform.
    • Benefits:
      • Community: Many people are involved in the development of the platform, so it is more likely to be secure and reliable.
      • No more updates: The CSP is in charge of updating the platform which saves time and effort for the customer.
      • Lower costs: The customer does not need to buy and maintain the platform, nor hire specialists to manage it.
  • Software as a Service (SaaS):
    • CSP provides software over the Internet.
    • The customer does not need to install the software on their own computer and can access it from anywhere.
    • Example: Gmail.
    • Drawbacks:
      • Data security: The customer’s data is stored on the CSP’s servers, which can be a security risk.
      • Limited customization: The customer is limited to the features and capabilities of the software.
  • Recovery as a Service (RaaS):
    • CSP provides backup and recovery services over the Internet.
    • CSP automates the backup and recovery process, and the customer can access their data from anywhere.
    • Example: WindStream.

Characteristics of Cloud Computing

  • On-demand self-service: The customer can access the cloud resources without human intervention.
  • Cost-effectiveness: The customer only pays for the resources they use, and no need to purchase anything upfront.
  • Broad network access (mobility): The customer can access the cloud resources from anywhere with an internet connection.
  • Resource pooling: The CSP’s resources are pooled to serve multiple customers, and the customer has no control over the exact location of the resources.
  • Rapid elasticity: The customer can quickly scale up or down the resources they use.
  • Measured service: The customer can monitor and control the resources they use, and the CSP can automatically control and optimize the resources.
  • Multi-tenancy: The CSP’s resources are shared among multiple customers, resources are shared at the network level, host level and application level.
  • Scalability: The CSP can quickly add more resources to the cloud to meet the customer’s needs.
  • Reliability: The customer data is replicated across multiple servers, so if one server fails, the customer data is still available.
  • Economics of scale: CSPs’ data centers should be located in areas where it is easy to get cheap electricity and cooling, and where there is a good supply of skilled labor.
  • Customization: The customer can customize the cloud resources to meet their specific needs.
  • Efficient resource utilization: The CSP should aim for no idle resources, idle resources should be terminated or put a sleep until they are needed.
  • Virtualization: virtualization is at the heart of cloud computing.

Cloud Computing Challenges

  • Data protection:
    • The customer’s data is stored on the CSP’s servers, which can be a security risk.
    • The location of the data is unknown to the customer.
  • Data recovery and availability:
    • CSP is responsible for:
      • Data replication.
      • Clustering and failover.
      • Monitoring: transactions, logs, and events.
      • Disaster recovery.
      • Capacity and performance management.
      • Maintenance and patching.
    • If the CSP fails short in any of these areas, the customer is affected.
  • Management capabilities:
    • The management of infrastructure, platforms, and software is still in its infancy.
    • There are a lot of improvements to be made in this area
    • Features like: dynamic scaling and dynamic resource allocation are still not fully developed, but yet they are crucial for the success of cloud computing.
  • Regulatory compliance:
    • In some European countries, Government regulations do not allow customer’s personal information and other sensitive information to be physically located outside the state or country.
    • CSPs’ compliance with these regulations is a challenge.

Virtualization and its Role in Cloud Computing Environment 6

  • NIST has listed five essential characteristics of cloud computing which include on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service.
  • Virtualization techniques:
    • Emulation:
      • The simulated environment runs as a software process on the host operating system, there is no actual virtualization for each program; however, the emulator itself is virtualized.
      • Emulation provides enormous flexibility to the guest operating system but the speed of the translation process is low compared to the hypervisor and requires a high configuration of hardware resources to run the software.
    • Full virtualization:
      • Each VM is completely isolated from the host and other VMs with its own OS and share of resources.
    • Para-virtualization:
      • The guest OS is modified, thus it does hyperCalls instead of sysCalls.
      • hyperCalls are calls to the hypervisor to request resources, which in turn are passed as sysCalls to the host OS.
  • Virtualization types:
    • Server Virtualization:
      • The most common type of virtualization in cloud computing.
      • It has three types: Full Virtualization, Para-virtualization, and Partial Virtualization.
    • Client Virtualization:
      • It is the process of abstracting the desktop environment and operating system from the physical client device that is used to access it.
      • Example: VM for accessing a remote desktop.
    • Storage Virtualization:
      • It is the process of abstracting logical storage from physical storage.
      • It has three kinds: DAS: Direct Attached Storage, NAS: Network Attached Storage, and SAN: Storage Area Network.

References

‌ ‌ ‌

‌ ‌

  1. PowerCert Animated Videos. (2022). Virtualization Explained [YouTube Video]. In YouTube. https://www.youtube.com/watch?v=UBVVq-xz5i0 

  2. Chen, L., Xian, M., Liu, J., & Wang, H. (2020). Research on Virtualization Security in Cloud Computing. IOP Conference Series: Materials Science and Engineering, 806(1), 012027–012027. https://doi.org/10.1088/1757-899x/806/1/012027 and https://iopscience.iop.org/article/10.1088/1757-899X/806/1/012027/pdf 

  3. Montini, H. (2020, March 10). The Future of Data Storage Technologies - What to Expect in 2024 - SalvageData. SalvageData; SalvageData Recovery. https://www.salvagedata.com/future-of-data-storage-technologies/ 

  4. Technical, P. (2022, June 24). The Future of Cloud Computing: 5 Trends You Must Know About. Netapp.com; Netapp. https://bluexp.netapp.com/blog/cvo-blg-the-future-of-cloud-computing-5-trends-you-must-know-about 

  5. Rashid, A. (2019). Cloud Computing Characteristics and Services: A Brief Review. 7(2), 421–426. https://www.ijcseonline.org/full_paper_view.php?paper_id=3680 and https://www.ijcseonline.org/pdf_paper_view.php?paper_id=3680&70-IJCSE-05826.pdf 

  6. Rashid, A. (2019). Virtualization and its Role in Cloud Computing Environment. 7(4), 1131–1136. https://www.ijcseonline.org/full_paper_view.php?paper_id=4177 and https://www.ijcseonline.org/pdf_paper_view.php?paper_id=4177&194-IJCSE-06693.pdf