8/2/2019 Ankush PresenT
Evaluation of Cloud Security under Firewalls
- Ankush Vee
Graduate Project Spring 2012
Committee Members
Dr. Mario Garcia
Dr. Long Zhuang Li
Dr. David Thomas
Outline
Aims and Objectives
Cloud Security Issues
Existing models
Proposed model
Simulations
Results
Conclusion and Future work
Demo
References
Aim
To evaluate cloud performance under a secure firewall
implementation and to block unwanted web traffic, using
OPNET IT Guru simulation.
Objective
To review the cloud security issues and the current security models
To propose a new security model for cloud data and information security
To design the simulation using OPNET IT Guru and create three scenarios
To measure the performance of the cloud under these three scenarios using some performance metrics
To compare the scenario results and corresponding graphs and to evaluate the performance of the cloud
Cloud Security Issues
Privacy issues
Availability and backup
Access issues
Trust
Illegal secondary usage
Data proliferation issues
Existing models
Cloud cube model
- Organization boundaries
- Open/proprietary
- Perimeterized/De-perimeterized
- Insourced/Outsourced nature of cloud
Data security model
- User authentication
- Data encryption process
- Fast data recovery
Proposed model
Here, three scenarios are created:
- No Firewall scenario
- Firewall scenario
- Firewall scenario: Blocking Web access
Proposed model (contd..)
No firewall scenario:
The objective of this scenario is to impose no firewall conditions across the network.
To set up this network, the following objects are needed:
- The application configuration object is used to define the applications
- The profile configuration object is used to define the application profiles
- The ip32_cloud object is used to act as the internet cloud
Proposed model (contd..)
Figure 1. No firewall scenario
Proposed model (contd..)
Firewall scenario
The scenario is duplicated and the required firewall scenario is created
Here, a firewall router is created.
A constant packet latency of 0.05 seconds is imposed for packet filtering
Proposed model (contd..)
Firewall scenario: Block Web access
This scenario is created by duplicating the second scenario, where the aim
is to block unauthorized web access.
Simulation procedure
OPNET IT Guru is used as the simulation tool
Provides a rich user interface
Has an object palette
Compare scenarios
Three levels of performance metrics
Simulation procedure (contd..)
Simulation of No firewall scenario
Application Configuration settings:
- Rename a row as Database and choose the heavy load database against the Database application
- Rename another row as web and choose heavy browsing against the HTTP application
Figure 2. Application configuration settings
Simulation procedure (contd..)
Profile configuration settings
Figure 3. Database profile configuration
Figure 4. Web profile configuration
Simulation procedure (contd..)
Cloud configuration:
The packet latency is set to 0.05 seconds, which indicates that the maximum packet delay across the cloud due to the web and database applications is 50 ms
Every packet is processed across the cloud with this limited delay
Figure 5. IP32 Cloud configuration
Simulation procedure (contd..)
West router and East router Configuration:
The ethernet4_slip8_gtwy object is dragged from the object palette and renamed as Router_West
The routers are connected to the IP32 cloud using the PPP_DS1 links
Figure 6. West and East router configuration
Simulation procedure (contd..)
Home office configuration:
The number of workstations is set to 150
The Database profile is added and the number of users is set to 50
Another profile is set to the web profile and the number of users is set to 100
Figure 7. Home office configuration
Simulation procedure (contd..)
Server Configuration:
Two PPS servers are dragged from the object palette and they are set as the database server and the web server.
Right click on the database server and choose Edit Attributes
Edit the application supported profiles and set the Database application as supported
Figure 8. Database server configuration
Simulation procedure (contd..)
Performance metrics:
OPNET IT Guru provides three levels of performance evaluation: the global level, the node level and the link level
Figure 9. Three levels of performance metrics
Simulation procedure (contd..)
Figure 10. Global statistics
Figure 11. Node statistics
Figure 12. Link statistics
Simulation procedure (contd..)
Simulation of firewall scenario
From the model option, choose ethernet2_slip8_firewall so that the router now acts as a firewall
The Proxy server information option is expanded and the row 1 option is edited such that the latency is set to a constant value of 0.05
Figure 13. Procedure to duplicate scenario
Simulation procedure (contd..)
Figure 14. Firewall configuration
Figure 15. Firewall scenario setup
Simulation procedure (contd..)
Simulation of Firewall blocking scenario:
Expand the Proxy server information and choose row 4, i.e. HTTP
Set the Proxy Server Deployed option to No
Figure 16. Blocking web traffic
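The three scenarios reduced to a static policy model, as an added example that is not part of the original slides and is not OPNET code. The user counts, the 0.05 s latencies and the HTTP row set to No come from the slides; the per-user traffic rates and the rule that cloud and firewall latencies simply add are assumptions.

```python
from dataclasses import dataclass

DS1_BPS = 1_544_000      # DS1 line rate of the PPP_DS1 links
CLOUD_LATENCY_S = 0.05   # ip32_cloud packet latency from the slides

@dataclass(frozen=True)
class ProxyRow:
    deployed: bool       # "Proxy Server Deployed": No means the application is blocked
    latency_s: float     # constant filtering latency for permitted traffic

# One proxy table per scenario; None models the plain router (no filtering).
SCENARIOS = {
    "no_firewall": None,
    "firewall": {"database": ProxyRow(True, 0.05), "http": ProxyRow(True, 0.05)},
    "firewall_block_web": {"database": ProxyRow(True, 0.05),
                           "http": ProxyRow(False, 0.05)},
}

USERS = {"database": 50, "http": 100}               # home office profile counts
PER_USER_BPS = {"database": 8_000, "http": 6_000}   # constructed, not from the slides

def evaluate(scenario):
    """Per application: permitted?, fixed one-way delay, offered load on the link."""
    table = SCENARIOS[scenario]
    out = {}
    for app, users in USERS.items():
        if table is None:
            permitted, delay = True, CLOUD_LATENCY_S
        elif table[app].deployed:
            # Assumption: cloud latency and firewall filtering latency add up.
            permitted, delay = True, CLOUD_LATENCY_S + table[app].latency_s
        else:
            permitted, delay = False, None   # dropped at the firewall
        load = users * PER_USER_BPS[app] if permitted else 0
        out[app] = {"permitted": permitted, "delay_s": delay, "offered_bps": load}
    return out

def link_utilization(scenario):
    """Fraction of one DS1 link consumed by the permitted applications."""
    return sum(a["offered_bps"] for a in evaluate(scenario).values()) / DS1_BPS

if __name__ == "__main__":
    for name in SCENARIOS:
        print(name, evaluate(name), round(link_utilization(name), 3))
```

The model only captures policy and fixed delay; queueing effects, which the OPNET simulation measures, are outside it.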
Simulation procedure (contd..)
Running the simulation:
Figure 17. Manage scenarios
Figure 18. Simulating scenarios for One hour
Results
Results for Database application
Database query response time:
This indicates the overall performance of the database application
When the unwanted web traffic is blocked, the overall performance of the database application is enhanced and the security across the cloud is also enhanced.
Figure 19. DB query response time
Results (contd..)
Server DB query load:
The overall load on the database server is estimated
When there is a firewall over the network, the overall load on the database server is increased due to the additional security firewall policies.
Figure 20. DB server query load
Results (contd..)
Database Server point to point utilization:
This indicates the application performance against the key security issues.
The point to point utilization of the database server is increased when there is a firewall across the cloud.
Figure 21. DB server point to point utilization
Results (contd..)
Results for web application
Page response time for no firewalls scenario:
The average response time is constant across the simulation and the maximum time consumed in this context is one minute
The flow of the web application is constant across the cloud without any limitations
Figure 22. HTTP response time
Results (contd..)
Page response time across firewalls scenarios:
The average maximum page response time across the web application is 6 seconds
From the overall analysis it can be understood that blocking the web traffic will increase the page response time.
Figure 23. HTTP response time
Results (contd..)
Cloud performance
Point to point cloud utilization across west router:
This indicates the overall point to point cloud utilization across the west router
The overall utilization of the cloud can be optimized when the web traffic is blocked using the firewalls.
Figure 24. Cloud utilization across west router
Conclusion
Providing security to the database resources and web resources is a tedious task
A new security model is proposed and the proposed design is explained; OPNET IT Guru is used for simulation
From the overall analysis of the results, the proposed firewall model is well suited to enhancing the database application
Future work
A larger number of applications can be used to evaluate the performance of the proposed security model
Combined clouds and hybrid clouds can be used in future to evaluate the security requirements
Demo
Figure 25. OPNET home screen