International Journal of Applied Engineering Research, ISSN 0973-4562 Vol.7 No.11 (2012) © Research India Publications; http://www.ripublication.com/ijaer.htm

An Efficient Approach for Cloud Computing based on Hierarchical Secure Paravirtualization System Resource Model

Deepika Patidar, P. S. Patheja and Akhilesh A. Waoo
Department of Computer Science, Bansal Institute of Science & Technology, Bhopal, MP, India

Abstract

Paravirtualization is an enhancement of virtualization technology in which the guest operating system is recompiled prior to installation inside a virtual machine. Paravirtualization allows an interface to the virtual machine that can differ from the underlying hardware. Cloud computing depends on paravirtualization for more efficient use of system resources such as processors and memory. Paravirtualization is used in cloud computing to deliver services and distributed resources to end users over the web as web services. Cloud computing is a new computing model that grew out of grid computing, distributed computing, parallel computing, virtualization technology and other computer technologies, and it has advantageous characteristics such as large-scale computation and data storage, virtualization, high expansibility, high reliability and low-price service. The major issue of paravirtualization is security when a user requests cloud resources. Cloud computing services provide on-demand resources via paravirtualization technologies, which makes cloud computing a potential target for cyber attacks. Most proposed security models for paravirtualization work above the virtualization layer, on the host OS. Almost all proposed cloud security models suffer from this problem: they have very limited control over virtualization. In this paper a Hierarchical Secure Paravirtualization System Resource Model (HSPSRM) is proposed to provide quarantine-and-conquer handling of threats in addition to complete control over virtualization. HSPSRM needs to be implemented under the virtualization level and eventually moves up to the guest OS. This security model has the potential to protect the various cloud service models implemented by cloud vendors, such as IaaS, PaaS, dSaaS and SaaS, and improves the cloud vendor's level of control in IaaS. To the best of our knowledge, no model or implementation like HSPSRM exists that is able to protect the cloud from DDoS attacks, unauthorized access and data leakage as well.
This architecture model integrates cloud security components such as the interceptor and the warning recorder to reduce computation, thereby enhancing the security of the cloud protection system.

Keywords: Cloud computing, Virtualization, Paravirtualization security, Virtual Machine, Intrusion Prevention System, Monitor, Interceptor, Warning Recorder

INTRODUCTION

Cloud computing has become one of the key considerations in both academia and industry, and one of the most important recent evolutions in computer science. The success of the cloud depends on almost instantly available, practically unlimited computing resources and pay-per-use pricing schemes. The cloud computing system provides services to users with high scalability and reliability. Users can access their applications and data from anywhere, and resources in a cloud system can be shared among a large number of users. The US National Institute of Standards and Technology defines cloud computing as a model for enabling access to a pool of resources such as servers, networks, applications and services with low cost and minimal management. It characterizes the cloud model by five characteristics and four deployment models. The characteristics are on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured pay-as-you-go service. The main security problems include data security, user data privacy protection, cloud computing platform stability and cloud computing administration. The security issues of cloud computing are enormous, since it encompasses many technologies including networks, databases, operating systems, virtualization, resource scheduling, load balancing and memory management. Therefore, the security issues of these systems and technologies are applicable to cloud computing as well. Cloud computing became more popular with the concept of virtualization. Virtualization is the fundamental part of cloud computing through which services are hosted for a large number of users. It is a technology where multiple operating systems can run simultaneously on a single physical machine, sharing the resources of that machine. No one can deny the advantages of cloud computing, but since it is still a new technology, there are vulnerabilities that need to be addressed.
While cloud customers and providers are investigating the cloud, providing secure communication and services is necessary, as there are attacks on web applications (e.g. SQL injection, Cross-Site Scripting, DoS) and on networks, as shown by reports that demonstrate common attacks on cloud computing environments. Vulnerabilities usually concern accessibility, virtualization, web applications, privacy control, confidentiality and integrity, whether the attacks are insider or outsider ones, and cloud computing is no exception. Cloud attack surfaces are service-to-user, user-to-service, cloud-to-service, service-to-cloud, cloud-to-user, and user-to-cloud. Buffer overflow, SQL injection and the other attacks that are possible on client-server architectures can be a threat on the service-to-user surface. An attack on the browser cache is noted as a

user-to-service attack, while denial of service (DoS) is considered a cloud-to-service attack. Privacy attacks, malicious interfaces and availability reduction are the possible attacks on the service-to-cloud surface. The last surface covers fake usage bills, which target the cloud provider, or any other attacks which involve the user as a customer. There are several models and tools to enhance security and prevent attacks on applications, data storage, data centers and any other hardware or software resources. Firewalls and antivirus have commonly been used to protect servers and clients from attackers and unauthorized access. Unfortunately these two approaches are inadequate, which gives rise to the demand for another tool and encouraged experts to develop the application called an Intrusion Prevention System (IPS). Intrusion prevention systems not only detect intrusions but also take action, such as terminating the connection. Intrusion prevention systems, also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of an intrusion prevention system are to identify malicious activity, log information about that activity, attempt to block or stop it, and report it. Intrusion prevention systems are considered extensions of intrusion detection systems because both monitor network traffic and/or system activities for malicious activity. The main difference is that, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent or block the intrusions they detect.
More specifically, an IPS can take actions such as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. An IPS can also correct Cyclic Redundancy Check (CRC) errors, defragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport- and network-layer options. Intrusion prevention systems are classified into the following categories:
1. Network-based intrusion prevention system (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity.
2. Wireless intrusion prevention system (WIPS): monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
3. Network behavior analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware, and policy violations.
4. Host-based intrusion prevention system (HIPS): an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.
The majority of intrusion prevention systems utilize one of three detection methods: signature-based, statistical anomaly-based and stateful protocol analysis.
1. Signature-based detection: this method utilizes signatures, which are attack patterns that are preconfigured and predetermined. A signature-based intrusion prevention system monitors the network traffic for matches to these signatures. Once a match is found the intrusion prevention system takes the appropriate action. Signatures can be exploit-based or vulnerability-based. Exploit-based signatures analyze patterns appearing in the exploits being protected against, while vulnerability-based signatures analyze vulnerabilities in a program, its execution, and the conditions needed to exploit that vulnerability.
2. Statistical anomaly-based detection: this method baselines the performance of average network traffic conditions. After a baseline is created, the system intermittently samples network traffic, using statistical analysis to compare the sample to the baseline. If the activity is outside the baseline parameters, the intrusion prevention system takes the appropriate action.
3. Stateful protocol analysis detection: this method identifies deviations of protocol states by comparing observed events with predetermined profiles of generally accepted definitions of benign activity.
The remainder of this paper is organized as follows. It explains the definition of the intrusion prevention system and its importance in the cloud environment. It presents related work on intrusion prevention systems and virtualization. It describes HSPSRM, which uses virtualization together with an intrusion prevention system to increase security in the cloud. The remaining sections of the paper cover cloud computing and its types, intrusion prevention systems in the cloud, virtualization, paravirtualization, security issues of cloud paravirtualization, the Hierarchical Secure Paravirtualization System Resource Model (HSPSRM), and finally the conclusion.
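As an added illustration (not code from the paper), the three detection methods described above applied to a constructed list of packet-style events: a signature match on a payload, a statistical baseline of events per second, and a minimal TCP handshake profile. The event format, signatures and thresholds are assumptions made for this example.

```python
"""Added example, not from the paper: signature-based, statistical
anomaly-based and stateful protocol analysis detection over constructed
sample events. Event format, signatures and thresholds are assumptions."""
import re
import statistics
from collections import Counter

# Constructed sample events: (second, src_ip, tcp_flags, payload).
# Flags use the usual shorthand: S=SYN, A=ACK, P=PSH (so "PA" carries data).
SAMPLE_EVENTS = [
    (0, "10.0.0.5", "S", ""),
    (0, "10.0.0.5", "A", ""),
    (0, "10.0.0.5", "PA", "GET /index.html HTTP/1.1"),
    (1, "10.0.0.9", "S", ""),
    (1, "10.0.0.9", "A", ""),
    (1, "10.0.0.9", "PA", "GET /login?u=' OR '1'='1 HTTP/1.1"),  # injection-style payload
    (2, "10.0.0.7", "PA", "GET / HTTP/1.1"),   # data with no handshake seen
    (3, "10.0.0.5", "PA", "GET /img.png HTTP/1.1"),
] + [(4, f"10.0.1.{i}", "S", "") for i in range(40)]  # burst of SYNs in second 4

# 1. Signature-based: preconfigured, exploit-style patterns (constructed here).
SIGNATURES = {
    "sql-injection": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.I),
    "xss": re.compile(r"<script\b", re.I),
}


def signature_detect(events):
    """Return (src_ip, signature_name) for every payload that matches a signature."""
    hits = []
    for _sec, src, _flags, payload in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                hits.append((src, name))
    return hits


# 2. Statistical anomaly-based: baseline events/second, then flag outliers.
def anomaly_detect(events, baseline_seconds, k=3.0):
    """Baseline on the first `baseline_seconds` seconds of traffic and flag any
    later second whose event count exceeds mean + k * stdev of the baseline."""
    per_second = Counter(ev[0] for ev in events)
    baseline = [per_second.get(s, 0) for s in range(baseline_seconds)]
    mean = statistics.mean(baseline)
    stdev = statistics.pstdev(baseline) or 1.0   # never use a zero threshold
    limit = mean + k * stdev
    return sorted(s for s, n in per_second.items()
                  if s >= baseline_seconds and n > limit)


# 3. Stateful protocol analysis: an accepted client-side TCP profile.
# Benign: SYN -> ACK -> data. Data before a completed handshake is a deviation.
TRANSITIONS = {
    ("NEW", "S"): "SYN_SENT",
    ("SYN_SENT", "A"): "ESTABLISHED",
    ("ESTABLISHED", "A"): "ESTABLISHED",
    ("ESTABLISHED", "PA"): "ESTABLISHED",
}


def stateful_detect(events):
    """Return the src_ips whose flag sequence leaves the accepted profile."""
    state = {}
    deviations = []
    for _sec, src, flags, _payload in events:
        current = state.get(src, "NEW")
        nxt = TRANSITIONS.get((current, flags))
        if nxt is None:
            deviations.append(src)
            nxt = current        # keep the last known state after a deviation
        state[src] = nxt
    return deviations


def run_ips(events, baseline_seconds=4):
    """Combine the three detectors into one report; the in-line action
    (drop, reset, block) is left to the caller that consumes the report."""
    return {
        "signature": signature_detect(events),
        "anomaly_seconds": anomaly_detect(events, baseline_seconds),
        "protocol_deviation": stateful_detect(events),
    }


if __name__ == "__main__":
    for method, result in run_ips(SAMPLE_EVENTS).items():
        print(f"{method}: {result}")
```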

CLOUD COMPUTING

Cloud computing is a technology that uses the internet and central remote servers to maintain data and applications. Cloud computing allows consumers and businesses to use applications without installation and to access their personal files from any computer with internet access. This technology allows for much more efficient centralized storage, memory, processing and bandwidth. Simple examples of cloud computing are Yahoo, Gmail and Hotmail: you do not need software or a server to use them; all a consumer needs is an internet connection to start sending emails. Cloud computing is broken down into three segments: application, storage and connectivity. Cloud computing is internet-based computing which delivers shared resources, software, business processes and information to computers and other devices on demand. The taxonomy can be divided into the following types:
1. Public clouds: the IT capabilities are offered by cloud providers to any customer over the internet.
2. Private clouds: IT capability is offered to a select group of consumers who are part of an enterprise. The cloud service provider may be an internal IT organization (i.e., the same organization as the consumer) or a third party.
3. Hybrid clouds: the environment is created by an organization through a combination of private and public cloud offerings.
4. Internal clouds: a subset of private clouds, an IT capability offered as a service by an IT organization to its own business.
5. External clouds: an IT capability offered as a service to a business that is not hosted by its own IT organization. An external cloud can be public or private, but must be implemented by a third party.

From the point of view of architectural service layers, based on the services provided using the cloud model, the ecosystem can be broadly divided into three:
1. Software as a Service (SaaS): forms the top layer, featuring a complete application provided in a multitenant environment. One prominent example of SaaS is Salesforce.
2. Platform as a Service (PaaS): provides a development and deployment middleware layer. Key players include the Microsoft Azure platform [3] as well as Google App Engine.
3. Infrastructure as a Service (IaaS): the lowest layer, delivering services like compute, storage and network. One prominent example of IaaS is the Amazon EC2 service.
The work reported here mainly deals with the IaaS service delivery model.

Fig 1-Cloud Computing Service Model Architecture

VIRTUALIZATION TECHNOLOGY

Virtualization is the creation of a virtual (rather than actual) version of something, such as an operating system, a server, a storage device or network resources. You probably know a little about virtualization if you have ever divided your hard drive into different partitions. A partition is the logical division of a hard disk drive to create, in effect, two separate hard drives. Operating system virtualization is the use of software to allow a piece of hardware to run multiple operating system images at the same time. The technology got its start on mainframes decades ago, allowing administrators to avoid wasting expensive processing power. In 2005, virtualization software was adopted faster than anyone imagined, including the experts. There are three areas of IT where virtualization is making inroads: network virtualization, storage virtualization and server virtualization. Network virtualization is a method of combining the available resources in a network by splitting the available bandwidth into channels, each of which is independent from the others and each of which can be assigned (or reassigned) to a particular server or device in real time. The idea is that virtualization disguises the true complexity of the network by separating it into manageable parts, much like a partitioned hard drive makes it easier to manage your files. Storage virtualization is the pooling of physical storage from multiple network storage devices into what appears to be a single storage device that is managed from a central console. Storage virtualization is commonly used in storage area networks (SANs). Server virtualization is the masking of server resources (including the number and identity of individual physical servers, processors, and operating systems) from server users. The intention is to spare the user from having to understand and manage the complicated details of server resources while increasing resource sharing and utilization and maintaining the capacity to expand later. Virtualization can be viewed as part of an overall trend in enterprise IT that includes autonomic computing, a scenario in which the IT environment will be able to manage itself based on perceived activity, and utility computing, in which computer processing power is seen as a utility that clients pay for only as needed. The usual goal of virtualization is to centralize administrative tasks while improving scalability and workloads.

PARAVIRTUALIZATION

Paravirtualization allows multiple operating systems to run on a single hardware device at the same time by using system resources, like processors and memory, more efficiently. "Para-" is an English affix of Greek origin that means "beside," "with," or "alongside." Given the meaning "alongside virtualization," paravirtualization refers to communication between the guest OS and the hypervisor to improve performance and efficiency. In full virtualization, the entire system is emulated (BIOS, drives, and so on), but in paravirtualization, the management module operates with an operating system that has been adjusted to work in a virtual machine. Paravirtualization typically performs better than the full virtualization model, simply because in a fully virtualized deployment all elements must be emulated. Paravirtualization is an enhancement of virtualization technology in which a guest OS is recompiled prior to installation inside a virtual machine. Paravirtualization allows an interface to the virtual machine that can differ somewhat from that of the underlying hardware. This capacity minimizes overhead and optimizes system performance by supporting the use of virtual machines that would be underutilized in conventional or full virtualization. The main limitation of paravirtualization is that the guest OS must be tailored specifically to run on top of the virtual machine monitor (VMM), the host program that allows a single computer to support multiple, identical execution environments. However, paravirtualization eliminates the need for the virtual machine to trap privileged instructions. Trapping, a means of handling unexpected or unallowable conditions, can be time-consuming and can adversely impact performance in systems that employ full virtualization. Paravirtualization is an expansion of a technology that has existed for years in the IBM OS known as VM. Xen, an open-source software project, incorporates paravirtualization.


Fig 2-Para Virtualization

Paravirtualization works best in these sorts of deployments:
1. Disaster recovery: in the event of a catastrophe, guest instances can be moved to other hardware until the equipment can be repaired.
2. Migration: moving to a new system is easier and faster because guest instances can be removed from the underlying hardware.
3. Capacity management: because of easier migrations, capacity management is simpler to implement. It is easier to add more processing power or hard drive capacity in a virtualized environment.

SECURITY ISSUES OF CLOUD PARAVIRTUALIZATION

Cloud computing consists of highly paravirtualized and standardized infrastructures, which gives more efficient application management. The cloud system runs on the internet, so the security problems of the internet can also be found in the cloud system. The cloud system is not different from the traditional PC system in this respect, and it can also meet other special and new security problems. The biggest concerns about cloud computing are security and privacy. Traditional security problems such as security vulnerabilities, viruses and hacking attacks can also threaten the cloud system and can lead to more serious results because of the properties of cloud computing. Hackers and malicious intruders may break into cloud accounts and steal sensitive data stored in cloud systems. Data and business applications are stored in the cloud center, and the cloud system must protect these resources carefully. Cloud computing is a technology evolution of the widespread adoption of virtualization, service-oriented architecture and utility computing, delivered over the Internet, and it includes applications, platforms and services. If the systems meet a failure, fast recovery of the resources is also a problem. Cloud systems hide the details of the service implementation technology and management. The user cannot control the progress of processing of the data and cannot ensure data security by themselves. Data storage, operation and network transfer are all handled by the cloud system. Key data resources and private data are very important for the user, so the cloud must provide a data control system for the user. Data security audits can also be deployed in the cloud system. Data should be able to move to any authorized place where it is needed, in a form that any authorized application can use, by any authorized user, on any authorized device.

Data integrity requires that only authorized users can change the data, and confidentiality means that only authorized users can read the data. Cloud computing should provide strong user access control to strengthen the licensing, certification, quarantine and other aspects of data management. In cloud computing, the cloud provider system has many users and responds dynamically to changing service needs. Users do not know where the data is located, which servers are processing the data, or which networks are transmitting it, because of the flexibility and scalability of the cloud system. The user cannot make sure that data privacy is handled by the cloud in a confidential way. The cloud system can deploy cloud centers in different areas and the data can be stored in different cloud nodes. Different areas have different laws, so security management can face legal risk. Cloud computing services must be improved in terms of legal protection. The world of computation has changed from centralized to distributed systems, and now we are getting back to the virtual centralization called cloud computing. The meaning of computation differs only in the locality of the data and of the processing that happens on that data. Paravirtualization is an important enabling technology which hides physical characteristics and provides the user with an abstract environment to access. Physical servers, storage, the virtual host and guest virtual machines, all connected together, are what is called virtualization software. The hypervisor is a piece of software which makes it possible to run multiple OSes on a single machine. Although this provides a means to generate virtualized resources for sharing, it also increases the attack surface. Hence mechanisms to ensure secure communications between VMs are needed, which could be achieved with detection mechanisms in the virtual machines. Some possible attacks on paravirtualization are listed in Table 1.

Table 1 - Types of attack in Paravirtualization

S. no. | Attack                  | Cause
1      | Jailbreak               | Any action which results in a user or administrator of one guest gaining unauthorized access to the underlying host or to a different guest.
2      | Migration               | The capability to move a guest from one physical host to another, either to adapt to changes in capacity requirements or to enable hardware maintenance without guest downtime.
3      | Client side             | Attacks that leverage common desktop software such as web browsers, email clients and media players.
4      | Virtual network service | A remote attacker gains unauthorized access to a guest or host through exploitation of a listening service.
5      | Network virtual service | The attacker recovers the encryption keys by observing the system load, timing, and other characteristics of the system during encryption.

INTRUSION PREVENTION SYSTEM IN CLOUD

In this section we discuss several methods proposed for protecting the cloud from attacks and intruders, focusing on the combination of Virtual Machines (VMs) and intrusion prevention systems. Different research efforts have been deployed on available cloud virtualization and have gained new approaches as well. Cloud users and providers have their own set of core security requirements, as shown in Table 2.

Table 2 - Requirements for Cloud Security Monitoring

Requirement        | Definition
Confidentiality    | Ensures that certain information is never disclosed to unauthorized entities.
Integrity          | Ensures a message has not been distorted by malicious nodes or by communication faults.
Authentication     | Authenticates the source of a message, so that the user/node/base-station is indeed the entity it claims to be.
Availability       | Ensures the desired service is available whenever required.
Effectiveness      | The main goal of security in the cloud is to effectively prevent/detect vulnerabilities and attacks.
Precision          | Systems need to enhance their accuracy in detecting attacks, with minimum false-positive and false-negative rates.
Transparency       | The security model must have minimum visibility from the cloud service provider, developers, service users and attackers.
Non-subvertability | The cloud host and physical layer, in addition to the VMs, must be protected against compromised service users, so that suspending the alarm system is infeasible.
Deployability      | The system must be implementable over the various available cloud architectures.
Dynamic reaction   | The system must be able to employ effective techniques to defeat attacks and intrusions with minimal effect on legitimate processes and functionality.
Accountability     | The security system must not affect the cloud's core functionality and applications, while it must log cloud activities to enable accountability.

Host tools are efficient and powerful in monitoring host systems for detecting and preventing attacks, even though it is very difficult to detect new attacks (e.g. polymorphism and metamorphism). Meanwhile, network-based tools are not very good at monitoring, detecting and protecting the host system from attacks, but they work very effectively as resistance against attacks. Traditional intrusion detection systems cannot easily deal with new attacks, such as DDoS and coordinated attacks. The mechanism proposed in the cited work attempts to overcome the shortcomings of traditional IDSs for distributed systems and cloud computing environments in order to speed up response time, detection and capture of new threats and intrusions, thus decreasing false alarms. Furthermore, it can compact similar alerts and detect more anomalous behaviors by correlating alerts coming from heterogeneous platforms. By means of classification, training, feature extraction and meta-learning, a data mining algorithm is utilized to detect and flag malicious attacks with a VMM-IDS in a virtualized server application, which facilitates the management and isolation of VMs. The VMM enhances the invisibility of the intrusion detection system and can be used as a shield to keep intrusion detection systems, especially HIDSs, from being detected and compromised. Furthermore, not only is developing the VMM-IDS much easier, but HIDS and NIDS can also be combined to enjoy the advantages of both. In this case, it is possible to detect both unknown and well-known attacks, and the accuracy rate can be increased with a low percentage of false alarms.
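As an added illustration (not code from the cited mechanism or from this paper), the alert compaction and cross-platform correlation described above: alerts with the same sensor, source and signature are merged within a time window, and compacted alerts are then grouped by source so that a source reported by both a HIDS and a NIDS is raised to higher confidence. The alert format, windows and confidence labels are assumptions.

```python
"""Added example, not from the paper: compacting similar alerts and
correlating alerts from heterogeneous sensors (HIDS and NIDS) by source
within a time window. Alert format, windows and scoring are assumptions."""
from collections import defaultdict

# Constructed alerts (not real sensor output): (timestamp_s, sensor, source_ip, signature)
SAMPLE_ALERTS = [
    (100, "nids", "203.0.113.4", "ssh-bruteforce"),
    (101, "nids", "203.0.113.4", "ssh-bruteforce"),
    (102, "nids", "203.0.113.4", "ssh-bruteforce"),
    (105, "hids", "203.0.113.4", "failed-login"),   # same source seen on the host
    (160, "nids", "203.0.113.4", "ssh-bruteforce"),  # outside the 30 s compaction window
    (110, "nids", "198.51.100.9", "port-scan"),
    (112, "nids", "198.51.100.9", "port-scan"),
]


def compact_alerts(alerts, window=30):
    """Merge alerts with the same (sensor, source, signature) that fall within
    `window` seconds of the first one into a single alert carrying a count."""
    compacted = []
    open_groups = {}      # (sensor, src, sig) -> index into `compacted`
    for ts, sensor, src, sig in sorted(alerts):
        key = (sensor, src, sig)
        idx = open_groups.get(key)
        if idx is not None and ts - compacted[idx]["first"] <= window:
            compacted[idx]["count"] += 1
            compacted[idx]["last"] = ts
        else:
            compacted.append({"first": ts, "last": ts, "sensor": sensor,
                              "src": src, "sig": sig, "count": 1})
            open_groups[key] = len(compacted) - 1
    return compacted


def _summarise(src, group):
    """One incident: which sensor types saw the source and how many raw alerts."""
    sensors = sorted({a["sensor"] for a in group})
    return {
        "src": src,
        "sensors": sensors,
        "signatures": sorted({a["sig"] for a in group}),
        "alerts": sum(a["count"] for a in group),
        # Corroboration by more than one platform raises confidence.
        "confidence": "high" if len(sensors) > 1 else "medium",
    }


def correlate(compacted, window=60):
    """Group compacted alerts by source IP into incidents no longer than
    `window` seconds, so HIDS and NIDS evidence for one source meets."""
    by_src = defaultdict(list)
    for a in compacted:
        by_src[a["src"]].append(a)
    incidents = []
    for src, group in by_src.items():
        group.sort(key=lambda a: a["first"])
        current, start = [], group[0]["first"]
        for a in group:
            if a["first"] - start > window:       # open a new incident window
                incidents.append(_summarise(src, current))
                current, start = [], a["first"]
            current.append(a)
        incidents.append(_summarise(src, current))
    return incidents


if __name__ == "__main__":
    for incident in correlate(compact_alerts(SAMPLE_ALERTS)):
        print(incident)
```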

HIERARCHICAL SECURE PARAVIRTUALIZATION SYSTEM RESOURCE MODEL

The Hierarchical Secure Paravirtualization System Resource Model (HSPSRM) uses the standard cloud architecture (see Figure 1), which builds IaaS on Virtual Machines (VMs) whose workload is usually made up of the guest OS and the user processes. In order to secure these VMs and their transactions with other VMs, a Virtual Machine Monitor (VMM) is introduced as an abstract module above virtualization which provides techniques and methods for securing VMs. These methods are usually based on IDS/IPS in combination with Service-Level Agreements (SLA) and Access Control Lists (ACL). In our general cloud security model (HSPSRM) all seven requirements in Table 1 are met at every level, from the host OS up to the guest OS. The main concept is to build a hierarchical isolate-defeat mechanism to protect the whole virtualization stack against malicious activities, detecting them without preventing legitimate operations from continuing. To reach this, comprehensive control over virtualization is required. System resources would be wasted if host OS methods were applied to control all of virtualization in terms of security. Instead of implementing the normal model for the cloud, we propose a new foundation layer for virtualization, called the Paravirtualization Basement (PV-Basement). This layer divides virtualization into two separate, well-monitored components.

Fig 3 - Hierarchical Secure Paravirtualization System Resource Model (layers, top to bottom: Cloud Service Consumer (CSU) with SaaS, PaaS and IaaS; Primary VM; Paravirtualization Basement with VM PVD and VM PVD Driver; Virtual Platform / Hypervisor; Operating System (physical host); Physical Hardware)

Fig 4 - Primary VM (components: Process Duplicator, VMM-Master, VM Shadow, PV-Basement Communicator)

Virtualization takes place inside PV-Basement, instead of having a single solid paravirtualization layer. Hence virtualization can be classified based on the services required by the end guest machine (VM), regardless of who is going to use this machine as the service user (SU). This increases the feasibility of applying security procedures. It is necessary to specify an IDS for each data flow source based on its application (e.g. web server, data storage, etc.). This specification allows lightweight IDSs instead of a huge, resource-consuming IDS.
1. Primary Virtual Mechanism: a new module is introduced as the Primary Virtual Mechanism (PVM). Each PVM contains only a specific group of services and applications at the end VMs. An Inter-PVM Monitor module is also added to enable secure communication between PVMs. The idea behind these modules is to provide a semi-VMM service between classified Primary Virtual Machines and a secure channel among PVMs and the host OS. There are four components inside each PVM (see Figure 4). The PV-Basement Communicator provides routines and interfaces for the PVM to communicate with the host OS. The next module, the VM-Shadow, allows legitimate processes to continue when malicious activity is detected in a specific End-VM or a group of End-VMs inside a VMM. The mechanism works because all VMs in a specific PVM are similar from the point of view of applications and implementation. When a new VM is created for an SU, the VM-Shadow starts to take snapshots of the VM (scheduled based on service type and criticality). Therefore, the VM-Shadow has all the information required to regenerate, on demand, a shadow copy in the closest possible state to a selected VM.
2. Virtual Machine Monitor-Master: the VMM-Master coordinates all VMMs inside the primary VM. This gives another level of abstraction which equips the system with the ability to create a restriction zone for a specific group of VMs, without interfering with other VMs, by restricting a selected VMM using the firewall module. There is an Inter-VM Monitor with the same abilities as a VMM but one layer further out, to enable the features described above. It also has a stream buffer, which helps its internal IDS access a larger amount of data flow without directly accessing host OS memory, and an Access Control Level (ACL) to control authorized policies.

Figure 5 - Virtual Machine Monitor-Master (VMM-M) (components: VMM-Master Communicator, Stream Buffer, IDS Unit, Inter-VMM Monitor, ACL Analyzer, Firewall, coordinating VMM 1, VMM 2 ... VMM n)

3. Paravirtualization Basement (PV-Basement): PV-Basement provides abstracted virtualization by dividing the virtualization method hierarchically into primary VMs and the following modules. The Inter-PVM Monitor performs VMM roles between PVMs, providing secure communication channels between all the layers above and the actual physical layer (hardware) through the host OS. This module has direct access to the network layer, where it is recommended to add a network-layer IDS as well (see Figure 5).

[Figure 6 (block diagram): Paravirtualization Basement containing the Inter-PVM Monitor, Network Layer, Host OS Communicator and DDoS detection/prevention method, above Primary VM 1, Primary VM 2 ... Primary VM n]
Figure 6. Paravirtualization Basement

CONCLUSION
In this paper, we have studied several security issues of cloud computing and addressed the causes of attacks in the paravirtualization environment. HSPSRM is introduced to address cloud security drawbacks caused by classic virtualization methods; it proposes a novel hierarchical mechanism which significantly improves vendor control in IaaS. In addition, it provides a practical solution by reacting to intrusions with an isolate-and-conquer approach. We believe that HSPSRM, which combines virtualization and an intrusion detection system, can increase the detection rate and provide protection against attacks targeting virtualization, and consequently will result in reliable cloud security. Although HSPSRM is expected to be expensive in terms of implementation cost and performance, we believe that the higher security it provides is worth it. HSPSRM is proposed based on some assumptions and our best knowledge. Future work focuses on improving the scalability and performance of the architecture.
