• Title/Summary/Keyword: multi-tenancy

High-revenue Online Provisioning for Virtual Clusters in Multi-tenant Cloud Data Center Network

  • Lu, Shuaibing;Fang, Zhiyi;Wu, Jie
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.3 / pp.1164-1183 / 2019
  • The rapid development of cloud computing and high requirements of operators require strong support from the underlying Data Center Networks. Therefore, the effectiveness of using resources in the data center networks becomes a point of concern for operators and material for research. In this paper, we discuss the online virtual-cluster provision problem for multiple tenants with an aim to decide when and where the virtual cluster should be placed in a data center network. Our objective is maximizing the total revenue for the data center networks under the constraints. In order to solve this problem, this paper divides it into two parts: online multi-tenancy scheduling and virtual cluster placement. The first part aims to determine the scheduling orders for the multiple tenants, and the second part aims to determine the locations of virtual machines. We first approach the problem by using the variational inequality model and discuss the existence of the optimal solution. After that, we prove that provisioning virtual clusters for a multi-tenant data center network that maximizes revenue is NP-hard. Due to the complexity of this problem, an efficient heuristic algorithm OMS (Online Multi-tenancy Scheduling) is proposed to solve the online multi-tenancy scheduling problem. We further explore the virtual cluster placement problem based on the OMS and propose a novel algorithm during the virtual machine placement. We evaluate our algorithms through a series of simulations, and the simulation results demonstrate that OMS can significantly increase the efficiency and total revenue for the data centers.

Analysis of Data Isolation Methods for Secure Web Site Development in a Multi-Tenancy Environment (멀티테넌시 환경에서 안전한 웹 사이트 개발을 위한 데이터격리 방법 분석)

  • Jeom Goo Kim
    • Convergence Security Journal / v.24 no.1 / pp.35-42 / 2024
  • Multi-tenancy architecture plays a crucial role in cloud-based services and applications, and data isolation within such environments has emerged as a significant security challenge. This paper investigates various data isolation methods including schema-based isolation, logical isolation, and physical isolation, and compares their respective advantages and disadvantages. It evaluates the practical application and effectiveness of these data isolation methods, proposing security considerations and selection criteria for data isolation in the development of multi-tenant websites. This paper offers important guidance for developers, architects, and system administrators aiming to enhance data security in multi-tenancy environments. It suggests a foundational framework for the design and implementation of efficient and secure multi-tenant websites. Additionally, it provides insights into how the choice of data isolation methods impacts system performance, scalability, maintenance ease, and overall security, exploring ways to improve the security and stability of multi-tenant systems.

Verification Methods of OWASP TOP 10 Security Vulnerability under Multi-Tenancy Web Site's Environments (멀티테넌시 기반 웹 사이트의 OWASP TOP 10 보안취약성 검증 방법)

  • Lee, Do Hyeon;Lee, Jong Wook;Kim, Jeom Goo
    • Convergence Security Journal / v.16 no.4 / pp.43-51 / 2016
  • Nowadays, web sites are hacked using security vulnerabilities in web applications, and the number of security issues at many sites due to the exposure of personal information is increasing day by day. In this paper, considering the open-source Web Application Security Project at the time of production of the website, we propose an OWASP TOP 10 vulnerability verification method, and by applying the proposed method we then analyze the improved method and vulnerability to verify the performance of security vulnerability.

Shared Distributed Big-Data Processing Platform Model: a Study (대용량 분산처리 플랫폼 공유 모델 연구)

  • Jeong, Hwanjin;Kang, Taeho;Kim, GyuSeok;Shin, YoungHo;Jeong, Jinkyu
    • KIISE Transactions on Computing Practices / v.22 no.11 / pp.601-613 / 2016
  • With the increasing need for big data processing, building a shared big data processing platform is important to minimize time and monetary costs. In shared big data processing, multitenancy is a major requirement that needs to be addressed, in order to provide a single isolated personal big data platform for each user, but to share the underlying hardware among users to increase hardware utilization. In this paper, we explore two well-known shared big data processing platform models. One is to use a native Hadoop cluster, and the other is to build a virtual Hadoop cluster for each user. For each model we verified whether it is sufficient to support multi-tenancy. We also present a method to complement unsupported multi-tenancy features in a native Hadoop cluster model. Lastly we built prototype platforms and compared the performance of both models.

A Research on the Cloud Computing Security Framework (클라우드 컴퓨팅 정보보호 프레임워크에 관한 연구)

  • Kim, Jung-Duk;Lee, Seong-Il
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.6 / pp.1277-1286 / 2013
  • Cloud computing's unique attributes such as elasticity, rapid provisioning and releasing, resource pooling, multi-tenancy, broad-network accessibility, and ubiquity bring many benefits to cloud adopters (company and organization), but also entail specific security risks associated with the type of adopted cloud and deployment mode. To minimize those types of risk, this paper proposed a cloud computing security framework referred to the strategic alliance model. The cloud computing security framework has main triangles that are cloud threat, security controls, and cloud stakeholders, and is composed of three sides that are purposefulness, accountability, and transparent responsibility. The main triangles define the purpose of risk minimization, the appointment of stakeholders, and security activity for them, and the three sides of the framework are principles of security control in cloud computing and provide direction of deduction for seven service packages.

An Attack-based Filtering Scheme for Slow Rate Denial-of-Service Attack Detection in Cloud Environment

  • Gutierrez, Janitza Nicole Punto;Lee, Kilhung
    • Journal of Multimedia Information System / v.7 no.2 / pp.125-136 / 2020
  • Nowadays, cloud computing is becoming more popular among companies. However, because of the characteristics of cloud computing, such as a virtualized environment that is constantly changing and can be modified easily, and multi-tenancy with a distributed nature, it is difficult to perform attack detection with traditional tools. This work proposes a solution which aims to collect traffic packet data by using Flume and filter them with Spark Streaming so it is possible to only consider suspicious data related to HTTP Slow Rate Denial-of-Service attacks and reduce the data that will be stored in Hadoop Distributed File System for analysis with the FP-Growth algorithm. With the proposed system, we also aim to address the difficulties in attack detection in cloud environments, facilitating the data collection, reducing detection time and enabling an almost real-time attack detection.

High Rate Denial-of-Service Attack Detection System for Cloud Environment Using Flume and Spark

  • Gutierrez, Janitza Punto;Lee, Kilhung
    • Journal of Information Processing Systems / v.17 no.4 / pp.675-689 / 2021
  • Nowadays, cloud computing is being adopted by more organizations. However, since cloud computing has a virtualized, volatile, scalable and multi-tenancy distributed nature, it is a challenging task to perform attack detection in the cloud following conventional processes. This work proposes a solution which aims to collect web server logs by using Flume and filter them through Spark Streaming in order to only consider suspicious data or data related to denial-of-service attacks and reduce the data that will be stored in Hadoop Distributed File System for posterior analysis with the frequent pattern (FP)-Growth algorithm. With the proposed system, we can address some of the difficulties in security for cloud environments, facilitating the data collection, reducing detection time and consequently enabling an almost real-time attack detection.

A Novel Methodology for Auditing the Threats in Cloud Computing - A Perspective based on Cloud Storage

  • Nasreen Sultana Quadri;Kusum Yadav;Yogesh Kumar Sharma
    • International Journal of Computer Science & Network Security / v.24 no.2 / pp.124-128 / 2024
  • Cloud computing is a technology for delivering information in which resources are retrieved from the internet through web-based tools and applications, rather than a direct connection with the server. It is a new emerging computing based technology in which any individual or organization can remotely store or access the information. The structure of cloud computing allows storing and accessing various information as long as an electronic device has access to the web. Even though various merits are provided by the cloud from cloud providers to cloud users, it suffers from various flaws in security. Due to these flaws, data integrity and confidentiality have become a challenging task for both the storage and retrieval process. This paper proposes a novel approach for data protection by an improved auditing based methodology in cloud computing especially in the process of cloud storage. The proposed methodology is proved to be more efficient in auditing the threats while storing data in the cloud computing architecture.

Extracting Neural Networks via Meltdown (멜트다운 취약점을 이용한 인공신경망 추출공격)

  • Jeong, Hoyong;Ryu, Dohyun;Hur, Junbeom
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.6 / pp.1031-1041 / 2020
  • Cloud computing technology plays an important role in the deep learning industry as deep learning services are deployed frequently on top of cloud infrastructures. In such a cloud environment, virtualization technology provides logically independent and isolated computing space for each tenant. However, recent studies demonstrate that by leveraging vulnerabilities of virtualization techniques and shared processor architectures in the cloud system, various side-channels can be established between cloud tenants. In this paper, we propose a novel attack scenario that can steal internal information of deep learning models by exploiting the Meltdown vulnerability in a multi-tenant system environment. On the basis of our experiment, the proposed attack method could extract internal information of a TensorFlow deep-learning service with 92.875% accuracy and 1.325kB/s extraction speed.

Cloud Security and Privacy: SAAS, PAAS, and IAAS

  • Bokhari Nabil;Jose Javier Martinez Herraiz
    • International Journal of Computer Science & Network Security / v.24 no.3 / pp.23-28 / 2024
  • The multi-tenancy and high scalability of the cloud have inspired businesses and organizations across various sectors to adopt and deploy cloud computing. Cloud computing provides cost-effective, reliable, and convenient access to pooled resources, including storage, servers, and networking. Cloud service models, SaaS, PaaS, and IaaS, enable organizations, developers, and end users to access resources, develop and deploy applications, and provide access to pooled computing infrastructure. Despite the benefits, cloud service models are vulnerable to multiple security and privacy attacks and threats. The SaaS layer is on top of the PaaS, and the IaaS is the bottom layer of the model. The software is hosted by a platform offered as a service through an infrastructure provided by a cloud computing provider. The Hypertext Transfer Protocol (HTTP) delivers cloud-based apps through a web browser. The stateless nature of HTTP facilitates session hijacking and related attacks. The Open Web Applications Security Project identifies web apps' most critical security risks as SQL injections, cross-site scripting, sensitive data leakage, lack of functional access control, and broken authentication. The systematic literature review reveals that data security, application-level security, and authentication are the primary security threats in the SaaS model. The recommended solutions to enhance security in SaaS include Elliptic-curve cryptography and Identity-based encryption. Integration and security challenges in PaaS and IaaS can be effectively addressed using well-defined APIs, implementing Service Level Agreements (SLAs), and standard syntax for cloud provisioning.