The proposed model for security in the cloud, controlled by the end user
The paper presents a survey and analysis of the current security measures implemented in cloud computing and the hypervisors that support it. The viability of an efficient virtualization layer has led to an explosive growth in the cloud computing industry, exemplified by Amazon’s Elastic Cloud, Apple’s iCloud, and Google’s Cloud Platform. However, the growth of any sector in computing often leads to increased security risks. This paper explores these risks and the evolution of mitigation techniques in open source cloud computing. Unlike uniprocessor security, the use of a large number of nearly identical processors acts as a vulnerability amplifier: a single vulnerability being replicated thousands of times throughout the computing infrastructure. Currently, the community is employing a diverse set of techniques in response to the perceived risk. These include malware prevention and detection, secure virtual machine managers, and cloud resilience. Unfortunately, this approach results in a disjoint response based more on detection of known threats rather than mitigation of new or zero-day threats, which are often left undetected. An alternative way forward is to address this issue by leveraging the strengths from each technique in combination with a focus on increasing attacker workload. This approach would make malicious operation time consuming and deny persistence on mission time-scales. It could be accomplished by incorporating migration, non-determinism, and resilience into the fabric of virtualization.