
A Seminar Report on

Virtualization Techniques in Cloud Computing
Project Report Submitted in Partial Fulfillment of BE IT Final Year

Bachelor of Engineering
in
Information Technology
Submitted by
Ramesh Dan: 15ITE30022

Under the Supervision of


Prof. Nemi Chand Barwar
(Professor)

Department of Computer Science and Engineering


M.B.M. Engineering College
Faculty of Engineering & Architecture
Session 2018-19

SECURITY IN CLOUD COMPUTING Page 1


Department of Computer Science & Engineering
M.B.M. Engineering College, Jai Narain Vyas University
Ratanada, Jodhpur, Rajasthan, India –342011

CERTIFICATE

This is to certify that the work contained in this report entitled “Virtualization
Techniques in Cloud Computing” is submitted by Ramesh Dan (Roll no.
15ITE30022) to the Department of Computer Science & Engineering, M.B.M.
Engineering College, Jodhpur, for the partial fulfilment of the requirements for the
degree of Bachelor of Engineering in Information Technology.

They have carried out their work under my supervision. This work has not been
submitted elsewhere for the award of any other degree or diploma.

The project work in my opinion, has reached the standard fulfilling of the requirements
for the degree of Bachelor of Engineering in Information Technology in accordance
with the regulations of the Institute.

Prof. Nemi Chand Barwar
Professor
Dept. of Computer Science & Engg.
M.B.M. Engineering College, Jodhpur

Dr. Anil Gupta
Head of Department
Dept. of Computer Science & Engg.
M.B.M. Engineering College, Jodhpur



DECLARATION

I, Ramesh Dan, hereby declare that this seminar/project titled “Virtualization
Techniques in Cloud Computing” is a record of original work done by me under the
supervision and guidance of Prof. Nemi Chand Barwar.

I, further certify that this work has not formed the basis for the award of the
Degree/Diploma/Associateship/Fellowship or similar recognition to any candidate of
any university and no part of this report is reproduced as it is from any other source
without appropriate reference and permission.

(Ramesh Dan)
7th Semester, IT
Enroll. – 14R/56358
Roll No. – 15ITE30022



ACKNOWLEDGEMENT

The satisfaction that accompanies the successful completion of any task would be
incomplete without the mention of people whose ceaseless cooperation made it
possible, whose constant guidance and encouragement crown all efforts with success.
We are grateful to our project guide Prof. Nemi Chand Barwar for the guidance,
inspiration and constructive suggestions that helped us in the preparation of this project.
We also thank our colleagues who have helped in the successful completion of the project.



ABSTRACT

On the Internet, cloud computing plays an important role in sharing information and data.
Virtualization is an important technique in the cloud environment for sharing data and
information. It is also an important computing environment that enables academic or
industry IT resources through dynamic on-demand allocation. The main aim of this
research paper is to explore the basic terms of virtualization and how
virtualization works in a cloud system. We will explain how to maintain
virtualization with optimized resources such as storage, network, application, server,
and client in cloud computing. We will compare different open-source-based
hypervisors or virtual machine monitors (VMMs) that are in use today, and we will
discuss several issues of virtualization which will be very helpful to researchers for
further study.



Contents

1. Introduction
1.1 Understanding Cloud Computing
1.2 Benefits of Cloud Computing
1.3 Cloud Computing Models
1.3.1 Service models
1.3.2 Deployment model
1.4 Cloud computing issues
1.4.1 Threats

2. Virtualization
2.1 What is Virtualization?
2.2 Architecture
2.3 Benefits
2.4 How does Virtualization work?
2.5 Types of Virtualization in Cloud Computing
2.6 Virtualization vs Cloud Computing

3. Conclusion
4.1 Summary
4.2 Future scope

References



Chapter 1
INTRODUCTION

For the last three decades, one trend in computing has been loud and clear: big,
centralized, mainframe systems have been "out"; personalized, power-to-the-people, do-
it-yourself PCs have been "in." Before personal computers took off in the early 1980s, if
your company needed sales or payroll figures calculating in a hurry, you'd most likely
have bought in "data-processing" services from another company, with its own
expensive computer systems, that specialized in number crunching; these days, you can
do the job just as easily on your desktop with off-the-shelf software. Or can you? In a
striking throwback to the 1970s, many companies are finding, once again, that buying in
computer services makes more business sense than do-it-yourself. This new trend is
called cloud computing and, not surprisingly, it's linked to the Internet's inexorable
rise. What is cloud computing? How does it work? Let's take a closer look!

1.1 Understanding Cloud Computing

Cloud computing is the on-demand availability of computer system resources, without
direct active management by the user. Simply put, cloud computing is the delivery of
computing services—servers, storage, databases, networking, software, analytics,
intelligence and more—over the Internet (“the cloud”) to offer faster innovation,
flexible resources and economies of scale. You typically pay only for cloud services
you use, helping lower your operating costs, run your infrastructure more efficiently and
scale as your business needs change. The term is generally used to describe data centers
available to many users over the Internet. Large clouds, predominant today, often have
functions distributed over multiple locations from central servers.

Clouds may be limited to a single organization (enterprise clouds), be available to many
organizations (public cloud), or be a combination of both (hybrid cloud). The largest public
cloud is Amazon AWS.



Cloud computing relies on sharing of resources to achieve coherence and economies of
scale. Advocates of public and hybrid clouds note that cloud computing allows
companies to avoid or minimize up-front IT infrastructure costs. Proponents also claim
that cloud computing allows enterprises to get their applications up and running faster,
with improved manageability and less maintenance, and that it enables IT teams to more
rapidly adjust resources to meet fluctuating and unpredictable demand. Cloud providers
typically use a "pay-as-you-go" model, which can lead to unexpected operating
expenses if administrators are not familiar with cloud-pricing models.

The availability of high-capacity networks, low-cost computers and storage devices as
well as the widespread adoption of hardware virtualization, service-oriented
architecture, and autonomic and utility computing has led to growth in cloud
computing.

Most of us use cloud computing all day long without realizing it. When you sit at your
PC and type a query into Google, the computer on your desk isn't playing much part in
finding the answers you need: it's no more than a messenger. The words you type are
swiftly shuttled over the Net to one of Google's hundreds of thousands of clustered PCs,
which dig out your results and send them promptly back to you. When you do a Google
search, the real work in finding your answers might be done by a computer sitting in
California, Dublin, Tokyo, or Beijing; you don't know—and most likely you don't care!

The same applies to Web-based email. Once upon a time, email was something you
could only send and receive using a program running on your PC (sometimes called a
mail client). But then Web-based services such as Hotmail came along and carried
email off into the cloud. Now we're all used to the idea that emails can be stored and
processed through a server in some remote part of the world, easily accessible from a
Web browser, wherever we happen to be. Pushing email off into the cloud makes it
supremely convenient for busy people, constantly on the move.

Preparing documents over the Net is a newer example of cloud computing. Simply log
on to a web-based service such as Google Documents and you can create a document,
spreadsheet, presentation, or whatever you like using Web-based software. Instead of
typing your words into a program like Microsoft Word or OpenOffice, running on your
computer, you're using similar software running on a PC at one of Google's world-wide
data centers. Like an email drafted on Hotmail, the document you produce is stored
remotely, on a Web server, so you can access it from any Internet-connected computer,
anywhere in the world, any time you like.

1.2 Benefits of Cloud Computing

Cloud computing is a big shift from the traditional way businesses think about IT
resources. Here are six common reasons organisations are turning to cloud computing
services:

Cost

Cloud computing eliminates the capital expense of buying hardware and software and
setting up and running on-site datacenters—the racks of servers, the round-the-clock
electricity for power and cooling, the IT experts for managing the infrastructure. It adds
up fast.

Speed

Most cloud computing services are provided self service and on demand, so even vast
amounts of computing resources can be provisioned in minutes, typically with just a
few mouse clicks, giving businesses a lot of flexibility and taking the pressure off
capacity planning.

Global scale

The benefits of cloud computing services include the ability to scale elastically. In cloud
speak, that means delivering the right amount of IT resources—for example, more or
less computing power, storage, bandwidth—right when it is needed and from the right
geographic location.

Productivity

On-site datacenters typically require a lot of “racking and stacking”—hardware set up,
software patching and other time-consuming IT management chores. Cloud computing
removes the need for many of these tasks, so IT teams can spend time on achieving
more important business goals.

Performance

The biggest cloud computing services run on a worldwide network of secure
datacenters, which are regularly upgraded to the latest generation of fast and efficient
computing hardware. This offers several benefits over a single corporate datacenter,
including reduced network latency for applications and greater economies of scale.

Security



Many cloud providers offer a broad set of policies, technologies and controls that
strengthen your security posture overall, helping protect your data, apps and
infrastructure from potential threats. We’ll learn about it in detail in the upcoming
chapters.

1.3 Models

1.3.1 Service models

Most cloud computing services fall into four broad categories: infrastructure as a
service (IaaS), platform as a service (PaaS), serverless and software as a service (SaaS).
These are sometimes called the cloud computing stack because they build on top of one
another. Knowing what they are and how they are different makes it easier to
accomplish your business goals.

Though service-oriented architecture advocates "everything as a service" (with the
acronyms EaaS or XaaS, or simply aaS), cloud-computing providers offer their
"services" according to different models, of which the three standard models
per NIST are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and
Software as a Service (SaaS). These models offer increasing abstraction; they are thus
often portrayed as layers in a stack: infrastructure-, platform- and software-as-a-service,
but these need not be related. For example, one can provide SaaS implemented
on physical machines (bare metal), without using underlying PaaS or IaaS layers, and
conversely one can run a program on IaaS and access it directly, without wrapping it as
SaaS.

Infrastructure as a service (IaaS)

"Infrastructure as a service" (IaaS) refers to online services that provide high-level
APIs used to abstract various low-level details of the underlying network
infrastructure, such as physical computing resources, location, data partitioning, scaling,
security, backup, etc. A hypervisor runs the virtual machines as guests. Pools of
hypervisors within the cloud operational system can support large numbers of virtual
machines and the ability to scale services up and down according to customers' varying
requirements. Linux containers run in isolated partitions of a single Linux
kernel running directly on the physical hardware. Linux cgroups and namespaces are
the underlying Linux kernel technologies used to isolate, secure and manage the
containers. Containerisation offers higher performance than virtualization, because there
is no hypervisor overhead. Also, container capacity auto-scales dynamically with
computing load, which eliminates the problem of over-provisioning and enables usage-
based billing. IaaS clouds often offer additional resources such as a virtual-
machine disk-image library, raw block storage, file or object storage, firewalls, load
balancers, IP addresses, virtual local area networks (VLANs), and software bundles.
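
The namespace and cgroup isolation described above can be checked from the host. The following is an added example, not part of the original report: it compares the namespace identifiers exposed under /proc/<pid>/ns and the cgroup paths in /proc/<pid>/cgroup for a host process and a workload. The sample values, the function names and the list of namespaces expected to be private are assumptions made for illustration.

```python
import os
import re

# Namespace types this sketch expects a container to hold privately.
# Assumption: modelled on common container-runtime defaults, not taken from the report.
EXPECTED_PRIVATE = ("ipc", "mnt", "net", "pid", "uts")

# A namespace symlink target looks like "pid:[4026531836]"; the number is the
# namespace's inode, and two processes share a namespace when the inodes match.
NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_links(links):
    """Turn {'pid': 'pid:[4026531836]', ...} into {'pid': 4026531836, ...}."""
    parsed = {}
    for name, target in links.items():
        match = NS_LINK.match(target.strip())
        if match is None:
            raise ValueError(f"unrecognised namespace link: {target!r}")
        parsed[name] = int(match.group(2))
    return parsed


def read_ns_links(pid):
    """Read the namespace symlinks of a live process (Linux only, may need root)."""
    ns_dir = f"/proc/{pid}/ns"
    return {n: os.readlink(os.path.join(ns_dir, n)) for n in os.listdir(ns_dir)}


def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup lines of the form 'id:controllers:path'."""
    paths = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        _hierarchy, controllers, path = line.split(":", 2)
        # cgroup v2 has an empty controller field; label it "unified".
        paths[controllers or "unified"] = path
    return paths


def audit_isolation(host_links, workload_links, workload_cgroup):
    """Report namespaces the workload shares with the host and root-cgroup membership."""
    host = parse_ns_links(host_links)
    work = parse_ns_links(workload_links)
    shared = [ns for ns in EXPECTED_PRIVATE
              if ns in host and host[ns] == work.get(ns)]
    # Seen from the host, a path of "/" means the process sits in the root
    # cgroup, so no per-container resource limits apply to it.
    in_root = sorted(c for c, p in parse_cgroup(workload_cgroup).items() if p == "/")
    return {"shared_with_host": shared, "root_cgroup": in_root}


# Constructed sample data (not captured from a real system).
HOST_NS = {
    "ipc": "ipc:[4026531839]", "mnt": "mnt:[4026531840]",
    "net": "net:[4026531992]", "pid": "pid:[4026531836]",
    "uts": "uts:[4026531838]", "user": "user:[4026531837]",
}
# A container that was started with the host's network namespace.
CONTAINER_NS = {
    "ipc": "ipc:[4026532270]", "mnt": "mnt:[4026532268]",
    "net": "net:[4026531992]", "pid": "pid:[4026532271]",
    "uts": "uts:[4026532269]", "user": "user:[4026531837]",
}
CONTAINER_CGROUP = "0::/system.slice/docker-EXAMPLE.scope\n"

if __name__ == "__main__":
    print(audit_isolation(HOST_NS, CONTAINER_NS, CONTAINER_CGROUP))
    # On a live Linux host, compare PID 1 with a workload PID instead:
    # print(audit_isolation(read_ns_links(1), read_ns_links(WORKLOAD_PID),
    #                       open(f"/proc/{WORKLOAD_PID}/cgroup").read()))
```

A workload that reports any entry under shared_with_host is not separated from the host for that resource, which is the property the hypervisor model provides by default and the container model provides only when each namespace is actually unshared.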

The NIST's definition of cloud computing describes IaaS as "where the consumer is
able to deploy and run arbitrary software, which can include operating systems and
applications. The consumer does not manage or control the underlying cloud
infrastructure but has control over operating systems, storage, and deployed
applications; and possibly limited control of select networking components (e.g., host
firewalls)."[59]

IaaS-cloud providers supply these resources on-demand from their large pools of
equipment installed in data centers. For wide-area connectivity, customers can use
either the Internet or carrier clouds (dedicated virtual private networks). To deploy their
applications, cloud users install operating-system images and their application software
on the cloud infrastructure. In this model, the cloud user patches and maintains the
operating systems and the application software. Cloud providers typically bill IaaS
services on a utility computing basis: cost reflects the amount of resources allocated and
consumed.

Platform as a service (PaaS)

The NIST's definition of cloud computing defines Platform as a Service as:

The capability provided to the consumer is to deploy onto the cloud infrastructure
consumer-created or acquired applications created using programming languages,
libraries, services, and tools supported by the provider. The consumer does not manage
or control the underlying cloud infrastructure including network, servers, operating
systems, or storage, but has control over the deployed applications and possibly
configuration settings for the application-hosting environment.

PaaS vendors offer a development environment to application developers. The provider
typically develops toolkits and standards for development and channels for distribution
and payment. In the PaaS models, cloud providers deliver a computing platform,
typically including operating system, programming-language execution environment,
database, and web server. Application developers can develop and run their software
solutions on a cloud platform without the cost and complexity of buying and managing
the underlying hardware and software layers. With some PaaS offers like Microsoft
Azure, Oracle Cloud Platform and Google App Engine, the underlying computer and
storage resources scale automatically to match application demand so that the cloud
user does not have to allocate resources manually. The latter has also been proposed by
an architecture aiming to facilitate real-time in cloud environments.

Some integration and data management providers have also embraced specialized
applications of PaaS as delivery models for data solutions. Examples include iPaaS
(Integration Platform as a Service) and dPaaS (Data Platform as a Service). iPaaS
enables customers to develop, execute and govern integration flows. Under the iPaaS
integration model, customers drive the development and deployment of integrations
without installing or managing any hardware or middleware. dPaaS delivers
integration—and data-management—products as a fully managed service. Under the
dPaaS model, the PaaS provider, not the customer, manages the development and
execution of data solutions by building tailored data applications for the customer.
dPaaS users retain transparency and control over data through data-
visualization tools. Platform as a Service (PaaS) consumers do not manage or control
the underlying cloud infrastructure including network, servers, operating systems, or
storage, but have control over the deployed applications and possibly configuration
settings for the application-hosting environment.

Software as a service (SaaS)

The NIST's definition of cloud computing defines Software as a Service as:[59]

The capability provided to the consumer is to use the provider's applications running on
a cloud infrastructure. The applications are accessible from various client devices
through either a thin client interface, such as a web browser (e.g., web-based email), or
a program interface. The consumer does not manage or control the underlying cloud
infrastructure including network, servers, operating systems, storage, or even individual
application capabilities, with the possible exception of limited user-specific application
configuration settings.

In the software as a service (SaaS) model, users gain access to application software
and databases. Cloud providers manage the infrastructure and platforms that run the
applications. SaaS is sometimes referred to as "on-demand software" and is usually
priced on a pay-per-use basis or using a subscription fee.[68] In the SaaS model, cloud
providers install and operate application software in the cloud and cloud users access
the software from cloud clients. Cloud users do not manage the cloud infrastructure and
platform where the application runs. This eliminates the need to install and run the
application on the cloud user's own computers, which simplifies maintenance and
support. Cloud applications differ from other applications in their scalability—which
can be achieved by cloning tasks onto multiple virtual machines at run-time to meet
changing work demand. Load balancers distribute the work over the set of virtual
machines. This process is transparent to the cloud user, who sees only a single access-
point. To accommodate a large number of cloud users, cloud applications can
be multitenant, meaning that any machine may serve more than one cloud-user
organization.

The pricing model for SaaS applications is typically a monthly or yearly flat fee per
user, so prices become scalable and adjustable if users are added or removed at any
point. Proponents claim that SaaS gives a business the potential to reduce IT operational
costs by outsourcing hardware and software maintenance and support to the cloud
provider. This enables the business to reallocate IT operations costs away from
hardware/software spending and from personnel expenses, towards meeting other goals.
In addition, with applications hosted centrally, updates can be released without the need
for users to install new software. One drawback of SaaS comes with storing the users'
data on the cloud provider's server. As a result, there could be unauthorized access to
the data.

1.3.2 Deployment models


Private cloud

Private cloud is cloud infrastructure operated solely for a single organization, whether
managed internally or by a third party, and hosted either internally or
externally.[59] Undertaking a private cloud project requires significant engagement to
virtualize the business environment, and requires the organization to reevaluate
decisions about existing resources. It can improve business, but every step in the project
raises security issues that must be addressed to prevent serious vulnerabilities. Self-
run data centers[81] are generally capital intensive. They have a significant physical
footprint, requiring allocations of space, hardware, and environmental controls. These
assets have to be refreshed periodically, resulting in additional capital expenditures.
They have attracted criticism because users "still have to buy, build, and manage them"
and thus do not benefit from less hands-on management,[82] essentially "[lacking] the
economic model that makes cloud computing such an intriguing concept".[83][84]

Public cloud

A cloud is called a "public cloud" when the services are rendered over a network that is
open for public use. Public cloud services may be free.[85] Technically there may be
little or no difference between public and private cloud architecture; however, security
considerations may be substantially different for services (applications, storage, and
other resources) that are made available by a service provider for a public audience and
when communication is effected over a non-trusted network. Generally, public cloud
service providers like Amazon Web Services (AWS), Oracle, Microsoft and Google
own and operate the infrastructure at their data center and access is generally via the
Internet. AWS, Oracle, Microsoft, and Google also offer direct connect services called
"AWS Direct Connect", "Oracle FastConnect", "Azure ExpressRoute", and "Cloud
Interconnect" respectively; such connections require customers to purchase or lease a
private connection to a peering point offered by the cloud provider.[43][86]

Hybrid cloud

Hybrid cloud is a composition of two or more clouds (private, community or public)
that remain distinct entities but are bound together, offering the benefits of multiple
deployment models. Hybrid cloud can also mean the ability to connect collocation,
managed and/or dedicated services with cloud resources.[59] Gartner defines a hybrid
cloud service as a cloud computing service that is composed of some combination of
private, public and community cloud services, from different service providers.[87] A
hybrid cloud service crosses isolation and provider boundaries so that it can't be simply
put in one category of private, public, or community cloud service. It allows one to
extend either the capacity or the capability of a cloud service, by aggregation,
integration or customization with another cloud service.

Varied use cases for hybrid cloud composition exist. For example, an organization may
store sensitive client data in house on a private cloud application, but interconnect that
application to a business intelligence application provided on a public cloud as a
software service.[88] This example of hybrid cloud extends the capabilities of the
enterprise to deliver a specific business service through the addition of externally
available public cloud services. Hybrid cloud adoption depends on a number of factors
such as data security and compliance requirements, level of control needed over data,
and the applications an organization uses.[89]

Another example of hybrid cloud is one where IT organizations use public cloud
computing resources to meet temporary capacity needs that cannot be met by the
private cloud.[90] This capability enables hybrid clouds to employ cloud bursting for
scaling across clouds.[59] Cloud bursting is an application deployment model in which
an application runs in a private cloud or data center and "bursts" to a public cloud when
the demand for computing capacity increases. A primary advantage of cloud bursting
and a hybrid cloud model is that an organization pays for extra compute resources only
when they are needed.[91] Cloud bursting enables data centers to create an in-house IT
infrastructure that supports average workloads, and use cloud resources from public or
private clouds, during spikes in processing demands.[92] The specialized model of
hybrid cloud, which is built atop heterogeneous hardware, is called "Cross-platform
Hybrid Cloud". A cross-platform hybrid cloud is usually powered by different CPU
architectures, for example, x86-64 and ARM, underneath. Users can transparently
deploy and scale applications without knowledge of the cloud's hardware
diversity.[93] This kind of cloud emerges from the rise of ARM-based system-on-chip
for server-class computing.

Others

Community cloud

Community cloud shares infrastructure between several organizations from a specific
community with common concerns (security, compliance, jurisdiction, etc.), whether
managed internally or by a third-party, and either hosted internally or externally. The
costs are spread over fewer users than a public cloud (but more than a private cloud), so
only some of the cost savings potential of cloud computing are realized.[59]

Distributed cloud

A cloud computing platform can be assembled from a distributed set of machines in
different locations, connected to a single network or hub service. It is possible to
distinguish between two types of distributed clouds: public-resource computing and
volunteer cloud.

• Public-resource computing—This type of distributed cloud results from an
expansive definition of cloud computing, because it is more akin to distributed
computing than cloud computing. Nonetheless, it is considered a sub-class of cloud
computing.
• Volunteer cloud—Volunteer cloud computing is characterized as the intersection
of public-resource computing and cloud computing, where a cloud computing
infrastructure is built using volunteered resources. Many challenges arise from this
type of infrastructure, because of the volatility of the resources used to build it and
the dynamic environment it operates in. It can also be called peer-to-peer clouds, or
ad-hoc clouds. An interesting effort in this direction is Cloud@Home; it aims to
implement a cloud computing infrastructure using volunteered resources, providing
a business model to incentivize contributions through financial restitution.[94]

Multicloud

Multicloud is the use of multiple cloud computing services in a single heterogeneous
architecture to reduce reliance on single vendors, increase flexibility through choice,
mitigate against disasters, etc. It differs from hybrid cloud in that it refers to multiple
cloud services, rather than multiple deployment modes (public, private, legacy).[95][96][97]

Big Data cloud

The issues of transferring large amounts of data to the cloud as well as data security
once the data is in the cloud initially hampered adoption of cloud for big data, but now
that much data originates in the cloud and with the advent of bare-metal servers, the
cloud has become a solution for use cases including business analytics and geospatial
analysis.

HPC cloud

HPC cloud refers to the use of cloud computing services and infrastructure to
execute high-performance computing (HPC) applications. These applications consume
a considerable amount of computing power and memory and are traditionally executed on
clusters of computers. Various vendors offer servers that can support the execution of
these applications. In HPC cloud, the deployment model allows all HPC resources to be
inside the cloud provider infrastructure or different portions of HPC resources to be
shared between cloud provider and client on-premise infrastructure. The adoption of
cloud to run HPC applications started mostly for applications composed of independent
tasks with no inter-process communication. As cloud providers began to offer high-
speed network technologies such as InfiniBand, multiprocessing tightly coupled
applications started to benefit from cloud as well.

1.4 Cloud computing issues


Although there are numerous benefits to adopting the latest cloud technology, there
are still privacy issues involved in cloud computing, because at any time data in the
cloud can leak from the service provider and information can be deliberately deleted. There are
security issues of various kinds related to cloud computing, falling into two broad
categories: first, the issues related to cloud security that the cloud providers face
(like software provided to the organizations, infrastructure as a service); secondly, the
issues related to cloud security that the customers experience (organizations who
store data on the cloud).[1]

Most issues start from the fact that the user loses control of his or her data, because it is
stored on a computer belonging to someone else (the cloud provider).[2] This happens
when the owner of the remote servers is a person or organization other than the user; as
their interests may point in different directions (for example, the user may wish that his
or her information is kept private, but the owner of the remote servers may want to take
advantage of it for their own business). Other issues hampering the adoption of cloud
technologies include the uncertainties related to guaranteed QoS provisioning,
automated management, and remediation in cloud systems.

1.4.1 Threats
Cloud implementations generally meet or exceed expectations across major service
models, such as Infrastructure as a Service (IaaS), Platform as a service (PaaS)
and Software as a service (SaaS).[8]

Several deterrents to the widespread adoption of cloud computing remain. They include:

• Reliability
• Availability of services and data
• Security
• Complexity
• Costs
• Regulations and legal issues
• Performance
• Migration
• Reversion
• The lack of standards
• Limited customization



Chapter 2
VIRTUALIZATION
2.1 What is Virtualization?

In computing, virtualization means to create a virtual version of a device or resource,
such as a server, storage device, network or even an operating system, where the
framework divides the resource into one or more execution environments. Even
something as simple as partitioning a hard drive is considered virtualization because
you take one drive and partition it to create two separate hard drives. Devices,
applications and human users are able to interact with the virtual resource as if it were a
real single logical resource. The term virtualization has become somewhat of a
buzzword, and as a result the term is now associated with a number of computing
technologies including the following:

• storage virtualization: the amalgamation of multiple network storage devices
into what appears to be a single storage unit.
• server virtualization: the partitioning of a physical server into smaller virtual
servers.
• operating system-level virtualization: a type of server virtualization technology
which works at the operating system (kernel) layer.
• network virtualization: using network resources through a logical segmentation
of a single physical network.
• application virtualization

Virtualization is basically making a virtual image or “version” of something, such as a
server, operating system, storage device or network resource, so that it can be used
on multiple machines at the same time.

The main aim of virtualization is to manage the workload by transforming traditional
computing to make it more scalable, efficient and economical. Virtualization can be
applied across a wide range, such as operating system virtualization, hardware-level
virtualization and server virtualization.

Virtualization is a hardware-reducing, cost-saving and energy-saving
technology that is rapidly transforming the fundamental way of computing.

2.2 Architecture of Virtualized Technology

In cloud computing, space/memory is virtually allocated to the users on the servers,
which requires a host (platform) on which the hypervisor (software which interacts with
the hardware) runs (Figure 1). The virtualization model consists of cloud users, service
models, virtualized models and their host software, as well as their hardware.
“Virtualization software makes it possible to run multiple operating systems and multiple
applications on the same server at the same time,” said Mike Adams, director of product
marketing at VMware, a pioneer in virtualization and cloud software and services. The
model is based on three service models: SAAS (software as a service), PAAS (platform
as a service) and IAAS (infrastructure as a service). SAAS provides applications to the
cloud users to fulfill their needs and demands. PAAS provides the cloud users a
common platform on which they can execute their applications, and IAAS provides the
security and hardware to maintain the cloud resources [5]. The basic idea is to share
large pools of resources like compute cycles or virtual CPUs (VCPUs), storage,
software services etc. [6].



Figure 1: Basic architecture.

Host: the virtualization platform on which the hypervisor software runs.

Hypervisor: the software program that manages the virtual machines so that they can work
in the virtually simulated environment.

2.3 Benefits

Virtualization provides numerous benefits, including reduction in costs,
efficient utilization of resources, better accessibility and minimization of risk, among
others.

Benefits for Companies



1. Removal of special hardware and utility requirements
2. Effective management of resources
3. Increased employee productivity as a result of better accessibility
4. Reduced risk of data loss, as data is backed up across multiple storage locations

Benefits for Data Centers

1. Maximization of server capabilities, thereby reducing maintenance and
operation costs
2. Smaller footprint as a result of lower hardware, energy and manpower
requirements

2.4 How Does Virtualization Work?

Access to the virtual machine and the host machine or server is facilitated by software
known as a hypervisor. The hypervisor acts as a link between the hardware and the virtual
environment and distributes the hardware resources, such as CPU usage and memory
allotment, between the different virtual environments.



2.5 The Different Types of Virtualization in Cloud Computing

Although virtualization, as a form of technology, has existed since the 1960s, only
recently, with the advent of cloud computing, has it become a staple in the vocabulary of
those involved in the IT industry. By offloading hardware requirements and utility
costs, it can rapidly transform a company’s infrastructure and improve its efficiency by
itself. Virtualization in cloud computing allows you to run multiple applications and
operating systems on the same server, thereby providing for efficient resource
utilization and reducing costs.

Virtualization is the process of creating a virtual environment on an existing server to
run your desired program, without interfering with any of the other services provided by
the server or host platform to other users. The virtual environment can be a single
instance or a combination of many, such as operating systems, network or application
servers, computing environments, storage devices and other such environments. The
concept of virtualization will be easily understood after going through the different
types of virtualization later in this article.


Virtualization can take many forms depending on the type of application use and
hardware utilization. The main types are listed below:

Hardware Virtualization

Hardware virtualization, also known as hardware-assisted virtualization or server
virtualization, runs on the concept that an individual independent segment of hardware,
or a physical server, may be made up of multiple smaller hardware segments or servers,
essentially consolidating multiple physical servers into virtual servers that run on a
single primary physical server. Each small server can host a virtual machine, but the
entire cluster of servers is treated as a single device by any process requesting the
hardware. The hardware resource allotment is done by the hypervisor. The main
advantages include increased processing power as a result of maximized hardware
utilization and application uptime.

Subtypes:

• Full Virtualization – Guest software does not require any modifications since the
underlying hardware is fully simulated.
• Emulation Virtualization – The virtual machine simulates the hardware and
becomes independent of it. The guest operating system does not require any
modifications.
• Paravirtualization – The hardware is not simulated and the guest software runs
in its own isolated domain.

Software Virtualization

Software Virtualization involves the creation and operation of multiple virtual
environments on the host machine. It creates a computer system complete with
hardware that lets the guest operating system run. For example, it lets you run
Android OS on a host machine that natively uses a Microsoft Windows OS, utilizing the
same hardware as the host machine does.

Subtypes:

• Operating System Virtualization – hosting multiple OS on the native OS
• Application Virtualization – hosting individual applications in a virtual
environment separate from the native OS
• Service Virtualization – hosting specific processes and services related to a
particular application

Memory Virtualization

Physical memory across different servers is aggregated into a single virtualized memory
pool. It provides the benefit of an enlarged contiguous working memory. You may
already be familiar with this, as some operating systems, such as Microsoft Windows,
allow a portion of your storage disk to serve as an extension of your RAM.

Subtypes:

• Application-level control – Applications access the memory pool directly
• Operating system level control – Access to the memory pool is provided through
an operating system

Storage Virtualization

Multiple physical storage devices are grouped together, which then appear as a single
storage device. This provides various advantages such as homogenization of storage
across storage devices of differing capacities and speeds, reduced downtime, load
balancing and better optimization of performance and speed. Partitioning your hard
drive into multiple partitions is an example of this virtualization.

Subtypes:

• Block Virtualization – Multiple storage devices are consolidated into one
• File Virtualization – Storage system grants access to files that are stored over
multiple hosts

Data Virtualization

It lets you easily manipulate data, as the data is presented as an abstract layer
completely independent of data structure and database systems. It also decreases data
input and formatting errors.

Network Virtualization

In network virtualization, multiple sub-networks can be created on the same physical
network, which may or may not be authorized to communicate with each other. This
enables restriction of file movement across networks and enhances security, and allows
better monitoring and identification of data usage, which lets the network
administrator scale up the network appropriately. It also increases reliability, as a
disruption in one network doesn’t affect other networks, and the diagnosis is easier.

Subtypes:

• Internal network: Enables a single system to function like a network
• External network: Consolidation of multiple networks into a single one, or
segregation of a single network into multiple ones

Desktop Virtualization

This is perhaps the most common form of virtualization for any regular IT employee.
The user’s desktop is stored on a remote server, allowing the user to access his desktop
from any device or location. Employees can work conveniently from the comfort of
their home. Since the data transfer takes place over secure protocols, any risk of data
theft is minimized.

Which Technology to use?

Virtualization is possible through a wide range of technologies which are available to
use and are also open source. We prefer using XEN or KVM since they provide the best
virtualization experience and performance.

• XEN
• KVM
• OpenVZ

2.6 Virtualization vs. Cloud Computing

Virtualization changes the hardware-software relations and is one of the foundational
elements of cloud computing technology that helps utilize cloud computing capabilities
to the full. Unlike virtualization, cloud computing refers to the service that results from
that change.

It describes the delivery of shared computing resources, SaaS and on-demand services
through the Internet. Most of the confusion occurs because virtualization and cloud
computing work together to provide different types of services, as is the case with
private clouds.

The cloud often includes virtualization products as a part of its service package. The
difference is that a true cloud provides the self-service feature, elasticity, automated
management, scalability and pay-as-you-go service that are not inherent to the
technology.

The Basics

A technology called the Virtual Machine Monitor, also called the virtual manager,
encapsulates the very basics of virtualization in cloud computing. It is used to separate
the physical hardware from its emulated parts. This often includes the CPU’s memory,
I/O and network traffic. A secondary operating system that would usually interact with
the hardware now interacts with a software emulation of that hardware, and often the
guest operating system has no idea it’s on the virtualized hardware. Despite the fact that
the performance of the virtual system is not equal to that of an operating system running
on the “true hardware”, the technology still works because most secondary OSs and
applications don’t need the full use of the underlying hardware. This allows for greater
flexibility, control and isolation by removing the dependency on a given hardware
platform.

The layer of software that enables this abstraction is called the “hypervisor”. A study in
the International Journal of Scientific & Technology Research defines it as “a software
layer that can monitor and virtualize the resources of a host machine conferring to the
user requirements.” The most common hypervisor is referred to as Type 1. By talking to
the hardware directly, it virtualizes the hardware platform and makes it available to be
used by virtual machines. There’s also a Type 2 hypervisor, which requires an operating
system. Most often, you can find it being used in software testing and laboratory
research.
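
The hypervisor layer and the hardware-assisted virtualization described in this chapter are visible from inside a Linux x86 system. The following added example (not part of the original report) reads /proc/cpuinfo-style text and reports whether the system is itself a guest and whether the CPU exposes the extensions that KVM relies on; the function names and the sample inputs are constructed for illustration.

```python
"""Classify a Linux x86 system from /proc/cpuinfo text (added example)."""

# CPU feature flags that expose hardware-assisted virtualization to the OS.
HW_VIRT_FLAGS = {"vmx": "Intel VT-x", "svm": "AMD-V"}

# Constructed samples, trimmed to the relevant lines (not captured from real hosts).
BARE_METAL = ("processor\t: 0\nflags\t\t: fpu vme sse2 vmx ept\n"
              "vmx flags\t: vnmi ept\nprocessor\t: 1\nflags\t\t: fpu vme sse2 vmx ept\n")
PLAIN_GUEST = "processor\t: 0\nflags\t\t: fpu vme sse2 hypervisor\n"
NESTED_GUEST = "processor\t: 0\nflags\t\t: fpu sse2 svm hypervisor\n"
ARM_BOARD = "processor\t: 0\nFeatures\t: fp asimd aes\n"


def cpu_flags(cpuinfo_text):
    """Return the feature flags shared by every logical CPU in the text."""
    per_cpu = []
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        # Exact match on "flags" so that the separate "vmx flags" line is ignored.
        if sep and key.strip() == "flags":
            per_cpu.append(set(value.split()))
    if not per_cpu:
        raise ValueError("no x86 'flags' line found in cpuinfo text")
    return set.intersection(*per_cpu)


def classify(cpuinfo_text):
    """Report guest or bare-metal status and the virtualization extensions seen."""
    flags = cpu_flags(cpuinfo_text)
    hw_virt = sorted(name for flag, name in HW_VIRT_FLAGS.items() if flag in flags)
    # Linux lists "hypervisor" when CPUID leaf 1 reports a hypervisor present.
    # A hypervisor may leave it unset, so absence is a hint, not proof.
    is_guest = "hypervisor" in flags
    if is_guest:
        role = "guest, nested virtualization exposed" if hw_virt else "guest"
    else:
        role = "host-capable" if hw_virt else "no hardware virtualization visible"
    return {"is_guest": is_guest, "hw_virt": hw_virt, "role": role}


if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo", encoding="ascii", errors="replace") as fh:
            print("this machine:", classify(fh.read()))
    except (OSError, ValueError) as exc:
        print("this machine: cannot classify:", exc)
    for name, sample in [("bare metal", BARE_METAL), ("guest", PLAIN_GUEST),
                         ("nested guest", NESTED_GUEST)]:
        print(name, "->", classify(sample))
```

A "host-capable" result only says the CPU advertises the extensions; whether a hypervisor such as KVM is actually loaded is a separate check.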



Chapter 4

CONCLUSION
4.1 Summary
Cloud computing is a way of delivering computing resources over the internet. Computing
services ranging from data storage and processing to software, such as email handling,
are now available instantly, commitment-free and on-demand. This economic model for
computing has found fertile ground and is seeing massive global investment.
There are massive projections for cloud computing, but cloud computing is always
surrounded by security threats which are directly linked to its advantages. It is
beneficial to both parties, be it a business or the invader, but security is always a
concern. So, we have discussed various security threats and their probable solutions,
which help in resolving these security issues.
We have also discussed some of the major cloud security companies and service
providers, which help in providing a secure cloud connection at both the user and
provider end.

4.2 Future scope


Cloud Computing security challenges are part of ongoing research. Various open issues
are identified as future scope.
• Data Classification based on Security: A cloud computing data center can store
data from various users. To provide a level of security based on the
importance of data, classification of data can be done. This classification scheme
should consider various aspects like access frequency, update frequency and
access by various entities etc., based on the type of data. Once the data is
classified and tagged, the level of security associated with this specific tagged
data element can be applied. The level of security includes confidentiality,
encryption, integrity and storage etc. that are selected based on the type of data.
• Identity management system: Cloud computing users are identified by, and use,
their identities for accessing the services. A secure trust-based identity
management scheme is essential for all cloud service providers and
users. Various issues of identity management systems are identified. A solution for
secure id-generation and distribution, storage and life cycle management is a
demand for a trust-based identity management system.
• Secure trust based Solution for cloud computing Service: A secure environment
for execution of the cloud computing services, along with overall security
considerations, is a challenge. A secure and trusted solution is the requirement
that needs to be focused on and addressed by the cloud computing infrastructure.
• Optimization of resource Utilization: Security considerations and provisions for
virtualization, along with the optimum use of the cloud infrastructure, also need
to be focused on and addressed.


REFERENCES
1. Haghighat, M.; Zonouz, S.; Abdel-Mottaleb, M. (2015). "CloudID: Trustworthy Cloud-based and Cross-Enterprise Biometric Identification". Expert Systems with Applications. 42 (21): 7905–7916. doi:10.1016/j.eswa.2015.06.025.
2. Srinivasan, Madhan (2012). "State-of-the-art cloud computing security taxonomies: a classification of security challenges in the present cloud computing environment". ACM ICACCI. p. 470. doi:10.1145/2345396.2345474. ISBN 9781450311960.
3. "Swamp Computing a.k.a. Cloud Computing". Web Security Journal. 2009-12-28. Retrieved 2010-01-25.
4. "Top Threats to Cloud Computing v1.0" (PDF). Cloud Security Alliance. Retrieved 2014-10-20.
5. Winkler, Vic. "Cloud Computing: Virtual Cloud Security Concerns". Technet Magazine, Microsoft. Retrieved 12 February 2012.
6. Hickey, Kathleen. "Dark Cloud: Study finds security risks in virtualization". Government Security News. Retrieved 12 February 2012.
7. Winkler, Vic (2011). Securing the Cloud: Cloud Computer Security Techniques and Tactics. Waltham, MA USA: Elsevier. p. 59. ISBN 978-1-59749-592-9.
8. Krutz, Ronald L., and Russell Dean Vines. "Cloud Computing Security Architecture." Cloud Security: A Comprehensive Guide to Secure Cloud Computing. Indianapolis, IN: Wiley, 2010. 179-80. Print.
9. "Gartner: Seven cloud-computing security risks". InfoWorld. 2008-07-02. Retrieved 2010-01-25.
10. "Top Threats to Cloud Computing Plus: Industry Insights". Cloud Security Alliance. 2017-10-20. Retrieved 2018-10-20.
11. "What is a CASB (Cloud Access Security Broker)?". CipherCloud. Retrieved 2018-08-30.
12. "Identity Management in the Cloud". Information Week. 2013-10-25. Retrieved 2013-06-05.
13. Thangasamy, Veeraiyah (2017). "Journal of Applied Technology and Innovation" (PDF). 1: 97.
14. Jun Tang, Yong Cui (2016). "Ensuring Security and Privacy Preservation for Cloud Data Services" (PDF). ACM Computing Surveys. 49: 1–39. doi:10.1145/2906153.
15. Bethencourt, John; Sahai, Amit; Waters, Brent. "Ciphertext-Policy Attribute-Based Encryption" (PDF). IEEE Symposium on Security and Privacy 2007. pp. 321–334.
16. Goyal, Vipul; Pandey, Omkant; Sahai, Amit; Waters, Brent. "Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data". ACM Conference on Computer and Communications Security 2006. pp. 89–98.
17. Chase, Melissa; Chow, Sherman S. M. "Improving Privacy and Security in Multi-Authority Attribute-Based Encryption". ACM Conference on Computer and Communications Security 2009. pp. 121–130.
18. Attrapadung, Nuttapong; Herranz, Javier; Laguillaumie, Fabien; Libert, Benoît; de Panafieu, Elie; Ràfols, Carla (2012-03-09). "Attribute-based encryption schemes with constant-size ciphertexts". Theoretical Computer Science. 422: 15–38. doi:10.1016/j.tcs.2011.12.004.
