A Comparison and Security Analysis of the Cloud Computing Software Platforms

Oliver Popović1, Zoran Jovanović1, Nenad Jovanović2, Ranko Popović3

Abstract – The first part of this paper describes the most promising open-source cloud computing software platforms – Eucalyptus, OpenNebula and OpenQRM. With these platforms, it is possible to manage Infrastructure-as-a-Service operations. Non-commercial projects are analyzed because they represent an inexpensive but significant alternative to private and commercial software. The second part of the paper proposes a new, better security solution for the cloud platform.

Keywords – Cloud computing, Eucalyptus, OpenNebula, OpenQRM, Security.

I. INTRODUCTION

In the past, different methods have been promoted to manage large processor systems. Depending on the needs, various systems were developed, each with its own distinctive procedures and methods. We will consider systems that follow the idea of Infrastructure-as-a-Service (IaaS) [1], where computer infrastructure – typically a platform virtualization environment – is provided as a service. Rather than purchasing servers, software, space and network equipment, clients instead buy those resources as a fully outsourced service. Various systems have been developed for controlling those resources.

Some of the most promising open-source cloud computing platforms are:

1. Eucalyptus

2. OpenNebula

3. OpenQRM

Open-source cloud system tools have been compared many times [2] [3] [4], but the issue of security has never been described in a satisfactory form. The safety standards in cloud computing are not yet sufficiently developed, and from that comes the need to solve the problems of security and integrity of those systems.

1Oliver Popović and Zoran Jovanović are with Business School, Blace, Kralja Petra I 70, 18420 Blace, Serbia, E-mail: o.popovic@https://www.wendangku.net/doc/2d5086545.html,.rs

2Nenad Jovanović is with the Faculty of Technical Sciences, University of Pristina, Kneza Miloša 7, 38220 Kosovska Mitrovica, Serbia, E-mail: nndjov@https://www.wendangku.net/doc/2d5086545.html,

3Ranko Popović is with the Singidunum University, Bulevar Zorana Đinđića 44, 11000 Beograd, Serbia, E-mail: rpopovic@singidunum.ac.rs

II. CLOUD COMPUTING PLATFORMS

A. Eucalyptus

The architecture of the Eucalyptus system is modular and easy to understand. Eucalyptus is implemented using commonly available Linux tools and Web service technologies, making it easy to install and maintain.

In essence, the system allows users to start, access, control and terminate entire virtual machines using an emulation of Amazon EC2’s SOAP interfaces. Users of Eucalyptus interact with the system using the exact same tools and interfaces that they use to interact with Amazon EC2 [5].

A Eucalyptus cloud consists of five types of components, as shown in Fig. 1. The cloud controller and "Walrus" are the main components, with one of each in a cloud installation. The cloud controller performs resource scheduling and system accounting. Walrus implements storage, which is available outside and inside a cloud through interfaces [6].

Main components can aggregate resources from multiple clusters. Each cluster needs a cluster controller for scheduling and network control and a storage controller for block-based storage. The two cluster-level components would typically be deployed on the head-node of a cluster. Finally, every node with a hypervisor will need a node controller for controlling the hypervisor [7].

Fig. 1. Components of the Eucalyptus cloud systems

Eucalyptus can be installed from source or using a set of packages. Installing Eucalyptus from packages is easier but will only work on certain distributions. Eucalyptus currently supports installation from binary packages on these Linux distributions:

1. CentOS 5

2. Debian squeeze

3. OpenSUSE 11

4. Fedora 12

B. OpenNebula

OpenNebula [8] is one of the most advanced cloud computing platforms in the open source community. The project tends to be much more customizable. The OpenNebula EC2 Query is a web service that enables launching and managing virtual machines in an OpenNebula installation through the Amazon EC2 Query Interface. In this way, an EC2 Query tool or utility can be used to access a private cloud. The EC2 Query web service is implemented upon the new OpenNebula Cloud API1 layer that exposes the full capabilities of an OpenNebula private cloud.

The current implementation includes the basic routines to use a cloud: image upload and registration, and the VM run, describe and terminate operations. The OpenNebula EC2 Query service provides an Amazon EC2 Query API1 compatible interface to the cloud that can be used alongside the native OpenNebula CLI or the libvirt interface, as shown in Fig. 2.

The OpenNebula distribution includes the tools needed to use the EC2 Query service. The EC2 Query service is installed during the OpenNebula installation, so you just need to install the following packages to meet the runtime dependencies:

1. The Amazon EC2 Query API 1 library;

2. The Sinatra web framework and the thin web server;

3. The libraries for the Image Repository and Client Tools.

Fig. 2. Diagram of the OpenNebula components

C. OpenQRM

OpenQRM [9] is an open-source data center management platform. Its fully pluggable architecture focuses on automatic deployment and especially on supporting multiple virtualization technologies. OpenQRM is a single-management console for the complete IT infrastructure, as shown in Fig. 3, and provides a well-defined API which can be used to integrate third-party tools as additional plugins. OpenQRM runs on Linux distributions.

The following distributions are supported:

1. Debian GNU/Linux

2. Ubuntu Linux

3. CentOS

4. SuSE/SLES

5. Fedora 9

OpenQRM is a management solution that can be easily configured to offer fault-tolerant high availability, resulting in zero-downtime failover capabilities for appliances.

In case of an error, OpenQRM will try to find a new resource fitting the appliance profile and re-start/re-deploy the appliance.

Fig. 3. OpenQRM - single-management console for the complete IT-infrastructure

III. COMPARISON AND ANALYSIS

We singled out the key features of these platforms, analyzed them and compared them in Table I.

TABLE I
COMPARISON OF THE CLOUD COMPUTING PLATFORMS

Feature              | Eucalyptus | OpenNebula | OpenQRM
Version              | 2.0        | 2.2.1      | 4.8
Hybrid Cloud support | Yes        | Yes        | Yes
Fault Tolerance      | Yes        | Yes        | Yes
Security             | SSH        | SSH, SSL   | SSH, SSL
Licence              | GPLv3      | Apache     | GPLv2
Language             | C, Java    | C++        | Java

Eucalyptus is a comprehensive cloud computing system, but it has some security concerns:

1. System Administrators must register kernel and ramdisk images,

2. Uploaded images automatically become public,

3. Contents of image can be leaked,

4. Users can upload compromised images and open backdoor possibilities.

OpenNebula is a reliable hybrid cloud computing system, but it may have some authentication problems. In some cases, if an administrator misconfigures the Linux system, every user can connect to the OpenNebula database using the command line shell for SQLite and obtain all other users' passwords, which is also mentioned in [10] [11].

OpenQRM is a stable, secure and reliable system. All internal and external HTTP communication between a client browser and the OpenQRM server is fully encrypted via SSL. However, it is possible to use the unsecured HTTP protocol, and that is a main security issue.

IV. SECURITY PROPOSITION

Cloud computing platforms have several known security issues, which are described in [12] [13]. One of the main problems is the so-called "malicious insider" [14]. Administrators and other employees can easily misuse their authority and take passwords, confidential data or other valuable information. In view of all of the above, a solution is proposed that will increase the security level of the cloud computing platform. The most important problem in cloud computing security is the practice of storing passwords in the database in plain text format. This is absolutely unacceptable. Therefore, the use of the SHA-512 algorithm is proposed, which computes a hash of the entered password. To further increase the security of the system, the password can be strengthened by adding words unique to every user at the beginning and at the end of the hash. When a user password is assigned, the password is turned into a hash, with a word that is specific to the user, and also hashed with the SHA-512 algorithm, added at the beginning and at the end of the user's password. In this way, an intruder is prevented from calculating the user's initial password even if they manage to get the hash of the password. With this implementation, it is possible to protect the system maximally from unauthorized intrusions.
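The scheme proposed above, as an added example that is not code from the paper: the per-user word is assumed to be 16 random bytes stored with the account, and SHA-512(H(word) || password || H(word)) is one reading of the description. `stretched_hash` is a swapped-in hardening (PBKDF2-HMAC-SHA512), not part of the proposal, included because a single SHA-512 pass is fast to compute for each guess.

```python
import hashlib
import hmac
import secrets

def new_user_word() -> bytes:
    # Assumption: a random 16-byte word created per account and stored with the user record.
    return secrets.token_bytes(16)

def unsalted_hash(password: str) -> str:
    # Plain SHA-512 of the password: identical passwords give identical rows.
    return hashlib.sha512(password.encode("utf-8")).hexdigest()

def paper_hash(password: str, user_word: bytes) -> str:
    # One reading of Section IV: SHA-512( H(word) || password || H(word) ).
    w = hashlib.sha512(user_word).digest()
    return hashlib.sha512(w + password.encode("utf-8") + w).hexdigest()

def stretched_hash(password: str, user_word: bytes, rounds: int = 200_000) -> str:
    # Swapped-in hardening, not from the paper: PBKDF2-HMAC-SHA512 with the
    # per-user word as salt, so every guess costs `rounds` hash computations.
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), user_word, rounds).hex()

def verify(password: str, user_word: bytes, stored: str, scheme=paper_hash) -> bool:
    # Recompute with the stored word and compare in constant time.
    return hmac.compare_digest(scheme(password, user_word), stored)

def demo() -> dict:
    # Constructed data: two accounts sharing one password, plus a small
    # precomputed table of unsalted SHA-512 digests of common passwords.
    shared = "winter2011"
    table = {unsalted_hash(p): p for p in ("123456", "password", shared)}
    words = {"alice": new_user_word(), "bob": new_user_word()}
    rows = {u: paper_hash(shared, w) for u, w in words.items()}
    return {
        "unsalted_found_in_table": unsalted_hash(shared) in table,
        "paper_found_in_table": any(h in table for h in rows.values()),
        "users_share_a_digest": rows["alice"] == rows["bob"],
        "good_login": verify(shared, words["alice"], rows["alice"]),
        "bad_login": verify("guess", words["alice"], rows["alice"]),
        "word_swapped_login": verify(shared, words["bob"], rows["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```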

V. CONCLUSION

Some of the major cloud computing systems are presented in this paper. They are reliable systems with good performance. It is shown that cloud systems have some security issues.

There is a need for standardization of cloud computing platforms, especially in terms of security.

This is a significant and considerable task, as every cloud system uses different abstraction levels. Some of the issues have been addressed and authentication improvements are presented. Adding a word that is specific to each user and is not predefined in the system would significantly increase safety.

Breaking such a code (even if a cracker knows the password hash) does not make sense because of the time the code breaking would take. With these improvements, cloud systems will have significant reliability.

As future work, the authors will develop a security implementation as part of the cloud computing model.

ACKNOWLEDGEMENT

The work presented here was supported by the Serbian Ministry of Education and Science (project III44006).

REFERENCES

[1] P. Mell, T. Grance, “The NIST definition of cloud Computing”, July 2009.

[2] D. Cerbelaud, S. Garg, J. Huylebroeck, “Opening the Clouds: Qualitative Overview of the State-of-the-art Open Source VM-based Cloud Management Platforms”, Proceedings of the 10th ACM/IFIP/USENIX International Conference on Middleware, (22), 2009.

[3] P.T. Endo, G.E. Goncalves, J. Kelner, D. Sadok, “A Survey on Open-source Cloud Computing Solutions”, Brazilian Symposium on Computer Networks and Distributed Systems, May 2010.

[4] P. Sempolinski, D. Thain, “A Comparison and Critique of Eucalyptus, OpenNebula and Nimbus”, cloudcom, 2010 IEEE Second International Conference on Cloud Computing Technology and Science, pp. 417-426, 2010.

[5] D. Nurmi, R. Wolski, C. Grzegorczyk, G. Obertelli, S. Soman, L. Youseff, and D. Zagorodnov, “The Eucalyptus Open-Source Cloud-Computing System”, Cluster Computing and the Grid, CCGRID'09. 9th IEEE/ACM International Symposium, pp. 124–131, May 2009.

[6] Eucalyptus home page, https://www.wendangku.net/doc/2d5086545.html,/wiki/EucalyptusInstall

[7] Eucalyptus home page, https://www.wendangku.net/doc/2d5086545.html,/book/export/html/4263

[8] OpenNebula home page, https://www.wendangku.net/doc/2d5086545.html,

[9] OpenQRM home page, https://www.wendangku.net/doc/2d5086545.html,

[10] OpenNebula community, https://www.wendangku.net/doc/2d5086545.html,/pipermail/https://www.wendangku.net/doc/2d5086545.html,/2011-February/004018.html

[11] OpenNebula community, https://www.wendangku.net/doc/2d5086545.html,/issues/493

[12] Cloud Security Alliance, “Top Threats to Cloud Computing”, Vol. 1, Mar. 2010; https://https://www.wendangku.net/doc/2d5086545.html,/topthreats/csathreats.v1.0.pdf

[13] R. Choubey, R. Dubey, J. Bhattacharjee, “A Survey on Cloud Computing Security, Challenges and Threats”, IJCSE, Vol. 3 No. 3, Mar. 2011.

[14] F. Rocha, M. Correia, “Lucy in the Sky without Diamonds: Stealing Confidential Data in the Cloud”, DCDV, DSN'11, Hong Kong, June 2011.
