Model of Security Evaluation of Infrastructure as a Service Layer of Cloud Computing System

2015-04-15 13:26 LI Chuanlong 李传龙 GAO Jing

LI Chuan-long (李传龙), GAO Jing (高 静)*

College of Computer and Information Engineering, Inner Mongolia Agricultural University, Hohhot 010018, China


Abstract

At present, most providers of cloud computing mainly provide infrastructure and services at the infrastructure as a service (IaaS) level. A serious problem, however, is the lack of security standards and of an evaluation model for IaaS. After analyzing how the vulnerabilities of an IaaS cloud computing system manifest, a mapping was established between the vulnerabilities of IaaS and the nine threats to cloud computing released by the Cloud Security Alliance (CSA). Based on this mapping, a model for evaluating the security of IaaS was proposed, and its effectiveness was verified on OpenStack by the analytic hierarchy process (AHP) and the fuzzy evaluation method.

Key words: cloud computing; security; infrastructure as a service (IaaS); evaluation model

Introduction

Cloud computing is receiving widespread attention from industry, academia, and governments. With the rapid development of cloud computing technology, the frequent occurrence of serious faults has greatly hindered its healthy development, and the security of cloud computing has become the key to industrial development and technological innovation. Among the many solutions for cloud computing security, the construction of a security standards system, together with the related research and formulation, is the consistent pursuit of this field [1]. Governments and standards organizations are now actively working on standards research and formulation. The Cloud Security Alliance (CSA) has released its Security Guidance for Critical Areas of Focus in Cloud Computing V3.0, and ISO/IEC JTC1/SC27 has launched a research project named cloud security and privacy. In addition, the National Institute of Standards and Technology (NIST) of China has released a cloud computing reference architecture and related publications. It is worth noting that cloud computing research institutions worldwide mainly address security in the general architecture, while related standards and formulations for the infrastructure as a service (IaaS) layer are few. In this article, we map the specific threats to the IaaS layer onto the nine threats in the CSA report, work out the corresponding precautions and measures for the attacks characteristic of the IaaS layer, and finally put forward a reference model for the security evaluation of IaaS.

1 Cloud Computing Security

Cloud computing security refers to a set of procedures, processes, and standards that aim at providing information security in the cloud computing environment. The service model of cloud computing security emphasizes physical and logical security across software, platform, and infrastructure. It also covers how the service is delivered (public, private, or hybrid delivery model) [2].

Cloud security is regarded as the crux that decides whether cloud computing can survive. Among the numerous solutions for cloud computing security, the construction, research, and development of a cloud computing security standards system are considered the key to solving the problem.

2 Structural Composition of IaaS Layer of Cloud Computing System

The cloud infrastructure of IaaS is made up of a physical layer and a virtualization layer. The physical layer includes massive PC or server clusters, storage facilities, computing facilities, the physical network, and the external environment (power distribution, fire alerting, low-voltage control, and real-time monitoring). The virtualization layer mainly includes virtual machines, the virtual machine monitor, the virtual network, and virtualization software. Cloud providers manage and monitor multiple virtual machines and the virtual machine network through the virtual machine monitor in order to ensure an absolutely secure working environment. The secure virtual machine network binds the cloud applications of the IaaS layer together like "glue". At the same time, the virtual machine monitor is connected with each virtual machine for their communication. The structure of the IaaS layer is shown in Fig. 1.

3 Model of Security Evaluation of IaaS Layer

In 2013, CSA released the nine threats that cloud computing faces, with the aim of making direct recommendations on cloud computing security and reliability [3].

Threat 1: data breaches.

Threat 2: data loss.

Threat 3: account or service traffic hijacking.

Threat 4: insecure interfaces and APIs.

Threat 5: denial of service.

Threat 6: malicious insiders.

Threat 7: abuse of cloud services.

Threat 8: insufficient due diligence.

Threat 9: shared technology vulnerabilities.

The nine threats in the CSA report are assessed for the cloud system as a whole. This paper combines them with the weaknesses and attacks peculiar to the IaaS layer of a cloud computing system, lists the mapping relationship to the above nine threats, identifies the corresponding solutions and technical means for assessing the threats of every layer, and finally forms a reference model for security appraisal of the IaaS layer. Therefore, as shown in Table 1, the first-level evaluation indexes are physical layer security and virtualization layer security; the elements of the physical layer and the virtualization layer of IaaS serve as the second-level evaluation indexes. The third-level indexes of the physical layer comprise the components of the physical machine and the security of the external environment. The third-level indexes of the virtualization layer comprise the security of each operational phase in the life cycle of a virtual machine and the scalability and reusability of the virtual machine network.

4 Experimental Verification

4.1 Analytic hierarchy process (AHP) method and fuzzy evaluation method

AHP is a hierarchical, analytical method based on weighted decision-making: all elements related to the decision are broken down into multiple layers. The fuzzy comprehensive evaluation method makes an overall evaluation of an object that is constrained by many factors by means of fuzzy mathematics. This paper combines these two methods into the evaluation algorithm and evaluates the OpenStack platform to prove the effectiveness of the proposed evaluation model.

The evaluation process of this paper is as follows:

1) building the sets of indexes and comments;

2) building the hierarchy tree of indexes and the judgment matrix according to the evaluation model proposed in this paper;

3) confirming the validity (consistency) of the judgment matrix and determining the weight of each index;

4) building the statistical results of the single-index evaluation through a questionnaire survey;

5) building the evaluation matrix of each single index and carrying out fuzzy evaluation from the low level to the high level;

6) drawing the final result, and determining the level of the safety assessment through the principle of maximum membership.

4.2 Security of OpenStack

According to the security analysis of OpenStack, this paper establishes the architecture table of the security evaluation of OpenStack, as shown in Table 2.

4.3 Process and results of security evaluation of OpenStack

Through the structure table of the security evaluation of OpenStack, this paper uses AHP and the fuzzy evaluation method to evaluate each indicator and assesses whether each leaf indicator can meet the safety requirements. Finally, the whole platform is evaluated to verify the security and reliability of OpenStack.

2) The indicators are those of the security evaluation. An ordered hierarchy tree of indicators is built according to their subordination relations. Indicators on the same level are then compared pairwise, and the comparison values are assigned on the nine-level (1-9) scale. Finally the hierarchical judgment matrix is constructed [13]. The weight set is traditionally fixed by the expert method or the statistical method; but since the judgment matrix of this paper is based on the security requirements of users, the user method is adopted. According to the judgment-matrix algorithm in Ref. [14], the weight of each indicator is determined from the users' experience: the weight of an indicator is wi and the weight set is W. Each matrix must pass a consistency check; after every matrix has been accepted, the weight set is complete, as shown in Table 3.

3) Use the membership-degree method to map all indicators, and construct the judgment matrix of each single indicator, as shown in Table 4.

4) The fuzzy evaluation matrix is calculated from the low level to the high level. According to Ref. [14], the computation formula is as follows, where the symbol "∘" denotes the generalized synthesis operation: the weights of the leaf indicators that share the same parent node are assembled into a vector, normalized, and multiplied by the corresponding single-indicator judgment matrix. The judgment matrix of this layer is thus:

Work out the fuzzy comprehensive evaluation of the first level, and then determine the judgment matrix of the first level:

R2, R3, R4, and R5 can be calculated in the same way.

The secondary fuzzy relationship matrix is:

5) Work out the fuzzy comprehensive evaluation of the second level, and then determine the judgment matrix of the second level:

The three-level fuzzy relationship matrix is: r = ( , ).

6) Work out the final result:

7) According to the principle of maximum membership degree, determine the level of the security evaluation. The result is R = (0.6616, 0.25, 0.0708, 0.0176), Rmax = 0.6616, and the security evaluation of OpenStack is therefore "excellent". Finally, the evaluated data are worked out through the quantitative evaluation formula: R* = R∘V = 9.3334, which lies in the interval [8.5, 10], whose corresponding level is "excellent".

The results show that the model of security evaluation of IaaS is effective, and the review of OpenStack also verifies the effectiveness of the model.
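The evaluation procedure of Section 4.1 (AHP weights with a consistency check, then fuzzy synthesis from the leaves up and grading by maximum membership) carried out end to end, as an added example that is not the authors' code. The judgment matrices and membership rows are constructed, and the level score vector V is an assumption (the page does not print it; the values used reproduce the reported R* = 9.3334 for the paper's final R).

```python
# Added example (not the authors' code): AHP weights with a consistency check, then
# bottom-up fuzzy comprehensive evaluation and maximum-membership grading.
# Matrices and membership rows are constructed; V is assumed (it reproduces R* = 9.3334).

RI = [0.0, 0.0, 0.58, 0.90, 1.12, 1.24, 1.32, 1.41, 1.45]  # Saaty random index, order 1..9
LEVELS = ("excellent", "good", "fair", "poor")
V = (10.0, 8.5, 7.0, 5.5)  # assumed score of each comment level

def ahp_weights(A, iters=500):
    """Weights of judgment matrix A (principal eigenvector by power iteration)
    and its consistency ratio CR = CI / RI; the matrix is accepted if CR < 0.1."""
    n = len(A)
    w = [1.0 / n] * n
    for _ in range(iters):
        aw = [sum(A[i][j] * w[j] for j in range(n)) for i in range(n)]
        w = [x / sum(aw) for x in aw]
    aw = [sum(A[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam = sum(aw[i] / w[i] for i in range(n)) / n  # lambda_max estimate
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    return w, (ci / RI[n - 1] if RI[n - 1] else 0.0)

def fuzzy_synthesis(w, R):
    """W ∘ R with the weighted-average operator, normalised to sum 1."""
    b = [sum(w[i] * R[i][j] for i in range(len(w))) for j in range(len(R[0]))]
    return [x / sum(b) for x in b]

def evaluate(node):
    """Evaluate an index tree from the leaves up: a leaf is its membership row
    over LEVELS; an inner node is {"A": judgment matrix, "children": [...]}."""
    if isinstance(node, dict):
        w, cr = ahp_weights(node["A"])
        if cr >= 0.1:
            raise ValueError(f"judgment matrix rejected, CR = {cr:.3f}")
        return fuzzy_synthesis(w, [evaluate(c) for c in node["children"]])
    return list(node)

def classify(b):
    """Level by the maximum-membership principle, plus the score R* = b ∘ V."""
    k = max(range(len(b)), key=lambda j: b[j])
    return LEVELS[k], sum(bj * vj for bj, vj in zip(b, V))

# Constructed two-level tree: IaaS -> (physical layer, virtualization layer) -> leaf indicators
TREE = {"A": [[1, 1/2], [2, 1]], "children": [
    {"A": [[1, 3, 5], [1/3, 1, 3], [1/5, 1/3, 1]],
     "children": [(0.7, 0.2, 0.1, 0.0), (0.5, 0.3, 0.2, 0.0), (0.6, 0.3, 0.1, 0.0)]},
    {"A": [[1, 2], [1/2, 1]],
     "children": [(0.4, 0.4, 0.2, 0.0), (0.6, 0.2, 0.1, 0.1)]},
]}
```

Calling `classify(evaluate(TREE))` grades the constructed tree; a matrix whose CR reaches 0.1 is rejected before any weight is used.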

5 Conclusions

This paper proposes a mapping between the nine CSA threats and the weaknesses peculiar to IaaS, and from it draws up a reference model for the security of the IaaS layer. It provides a reference for the development of security assessment of cloud computing systems. The result is oriented to the characteristics of the IaaS layer of a cloud computing system and takes into account the development trend of cloud computing security. In addition, this paper verifies the effectiveness of the model on OpenStack by the AHP method and the fuzzy evaluation method. We will carry out further research on the assessment methods and algorithms and build a complete evaluation model.

[1] Yan B. Discussion on Relevant Standards of Cloud-Computing Security [J]. Information Security and Communication Security, 2012(11): 66-68. (in Chinese)

[2] Cory J. Cloud Computing Security [DB/OL]. http://www.techopedia.com/definition/25114/cloud-computing-security.

[3] Cloud Security Alliance. The Notorious Nine: Cloud Computing Top Threats in 2013 [R]. Cloud Security Alliance, 2013.

[4] Santos N, Gummadi K P, Rodrigues R. Towards Trusted Cloud Computing [C]. Proceedings of the 2009 Conference on Hot Topics in Cloud Computing, San Diego, USA, 2009: 3-3.

[5] Calder B, Chien A A, Wang J, et al. The Entropia Virtual Machine for Desktop Grids [C]. Proceedings of the 1st ACM/USENIX International Conference on Virtual Execution Environments, New York, USA, 2005: 186-196.

[6] Wei J P, Zhang X L, Ammons G, et al. Managing Security of Virtual Machine Images in a Cloud Environment [C]. Proceedings of the 2009 ACM Workshop on Cloud Computing Security, New York, USA, 2009: 91-96.

[7] Descher M, Masser P, Feilhauer T, et al. Retaining Data Control to the Client in Infrastructure Clouds [C]. IEEE International Conference on Availability, Reliability and Security, Toulouse, France, 2009: 9-16.

[8] Baldwin A, Dalton C, Shiu S, et al. Providing Secure Services for a Virtual Infrastructure [J]. ACM SIGOPS Operating Systems Review, 2009, 43(1): 44-51.

[9] Wang Z, Jiang X J. HyperSafe: a Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity [C]. IEEE Symposium on Security and Privacy, Oakland, USA, 2010: 380-395.

[10] Constandache I, Yumerefendi A, Chase J. Secure Control of Portable Images in a Virtual Computing Utility [C]. Proceedings of the 1st ACM Workshop on Virtual Machine Security, New York, USA, 2008: 1-8.

[11] Sundararaj A I, Gupta A, Dinda P A. Dynamic Topology Adaptation of Virtual Networks of Virtual Machines [C]. Proceedings of the 7th Workshop on Languages, Compilers, and Run-Time Support for Scalable Systems, New York, USA, 2004: 1-8.

[12] Primet P V B, Gelas J P, Mornard O, et al. A Scalable Security Model for Enabling Dynamic Virtual Private Execution Infrastructures on the Internet [C]. Proceedings of the 9th IEEE/ACM International Symposium on Cluster Computing and the Grid, Washington DC, USA, 2009: 348-355.

[13] Ouyang L B, Zou B J, Lin J, et al. Software Practicality Fuzzy Evaluation Based on AHP Theory [J]. Journal of Chinese Computer Systems, 2013, 34(2): 298-303.

[14] Shi Z W, Zhao M. Using the Analytic Hierarchy Process (AHP) to Determine the Index Weights [J]. Science Technology and Industry, 2008, 8(2): 23-25.

TP391.4  Document code: A

1672-5220(2015)02-0323-05

date: 2014-10-10

Foundation items: National Natural Science Foundation of China (No. 61462070); the "Chun Hui Plan" Project of the Educational Department, China (No. Z2009-1-01062); the Research of Evaluation Technology of Security and Reliability of Cloud Computing and the Building of a Testing Platform, a Technology Plan Project of Inner Mongolia, China

* Correspondence should be addressed to GAO Jing, E-mail: longao4053@163.com