In several articles i found that virtualization permits a strong security to cloud computing. If it is possible i want to know how?
This article provides a good insights:
http://resources.infosecinstitute.com/virtualization-security-cloud-computing/
Regards.
Hi Sara, to get a clear answer we need more info about the context of your question. In general, "virtualization" means creation of shared entities on top of a physical resource. Virtualization is the basis of cloud computing, it is what makes cloud possible. Securing shared resources is always harder, and virtual resources are no exception, when we introduce virtualization we need to do more to Secure. So when you say "virtualization permits stronger security", it sounds a little strange. You may be considering specific virtualized components, e.g. virtual firewalls, which can help secure cloud services. If you elaborate on your question I may be able to help more.
Dear Azita Kia;
I thank you for your answer, the problem is that i start working on cloud security so i am not an expert but what i said in my question is what i found in several articles. But in these articles i did not found what authors mean by strong authentication.
Dear Azita Kia;
I read your profil and i found that you are a cloud computing and security expert, i have other questions about clou computing security and did not found answer. Could you please try to help me if possible?
OK, strong authentication, that is more specific, let's consider that. Basic Authentication scheme is a password check, but there are many enhancements over this basic scheme which you can read about online: https://en.wikipedia.org/wiki/Strong_authentication. To say that we need strong authentication in a virtualized (cloud) environment simply means that there are additional threats in a virtualized environment which we need to protect against, this is due to the fact that in order to access a virtual resource the cloud system has to take the end user through many steps, each of which can be compromised by various attacks. See this paper for a good and detailed example: https://pdfs.semanticscholar.org/0bb9/06a3c86f17b38a63cf0e6b7e2216f44765d8.pdf Hope this Helps, if not ask more Qs, glad to help :-)
What is the relationship between cloud security and virtualization? In several articles i found that virtualization permits a strong security to cloud computing. If it is possible i want to know how?
Virtualization is one of the components to enable cloud computing whereby sharing of physical resources, rapid elasticity of resource usage & provisioning, automated on-demand self services etc. suggest security is key in both virtualization & cloud computing protection. Hence, many security measures are included e.g. hypervisor exploit protection, virtual machine (VM) sandboxing, VM data leakage detection, authentication, role-based access levels, VM migration, disaster recovery etc.
Dear Azita Kia;
I thank you for the article, but i have a general question, before starting with the cloud computing security, i worked on grid computing especially on access control mechanism. In grid computing, there is a middleware layer which manages all security processes but in cloud architecture i did not found articles that speak about the middleware layer so who manages the security and if there is a middleware layer where is it located?
Since the cloud is generally divided into three layers namely; physical layer, virtual layer and application layer, no one security solution can secure the entire given cloud infrastructure. So when you talk of security in the cloud, you might want to narrow it down because the physical layer supports the virtual layer whilst the virtual layer supports the application layer. You might also want to know that even access control can be implemented independently (separately) across the three layers. In all those cases, different resources and mechanisms would be used in the implementation thereof. So I think that for a start, you can start with security (access control or authentication in your case) at any given layer. I must confess though that most literature with regards security in the cloud is based on the virtual layer. For a general overview of security issues at each layer of the cloud, you might want to have a look at this:
http://www.mecs-press.org/ijcnis/ijcnis-v10-n3/IJCNIS-V10-N3-4.pdf
Hope you find this helpful.
All the best!
Dear Aaron Zimba;
I thank you for this clarification i found it very helpful.
Thank you
Aaron has a good answer, definitely agree. Please note that terms such as 'cloud' and 'grid' are very broad and can be vague, there are no standard definitions or implementations, hence looking for a specific middle layer can prove frustrating. Cloud providers usually have their own specific implementation and try to optimize by cutting across layers.
Thank you Azita Kia for your answer, i understood that there is no general architectural layer that cloud computing follows. Each provider has its own architecture and the number of layers is according to requirements.
Hi,
Cloud security and virtualization are very important concepts in distributed computing systems depending on the cloud offering, delivery model and VM-type. When you talk about cloud security, the concern is on the attack vectors and payloads at the VM especially at IaaS. In this case, cloud security on Type-1 virtualization (Bare metal or embedded hypervisors running directly on the system hardware) focuses on protecting the VMs. In the case of Type-2 virtualization which runs on host operating system, Cloud security is not really a serious issue. Therefore, Cloud security and virtualization questions must be channeled in the context of Type-1 virtualization. As such Cloud security and virtualization are related in the domain of IaaS Type-1 virtualization. This is what enables the Internet infrastructure today.
- Badges
- Science method