Cyber Security and Network Security. Group of authors

request. For securing cloud-based applications, metadata exchange is also necessary to maintain non-disruptive service. Any hacker can easily take advantage of that metadata and use it for malicious purposes such as malware injection, among many others. In this case, a hacker needs to inject malicious code or a malicious service into a valid instance running in the cloud. If the hacker is successful, then the cloud will suffer from deadlocks and eavesdropping, which forces real users to wait until the process is completed. This type of attack is also known as a metadata spoofing attack. In this way, anyone can get access to the cloud easily [3, 4].

      Imagine that a Raspberry Pi is connected to the internet through a wireless router and sends data to the cloud. If a hacker joins the network, he can place himself between the two communicating parties and relay messages for them. The hacker then has full access to the data and can also monitor and change the contents of messages.

      SQL injection is an attack that poisons dynamic SQL statements to comment out certain parts of the statement or append a condition that will always be true. It takes advantage of design flaws in poorly designed web applications to make SQL statements execute malicious SQL code. Thus, in our proposed approach, we have used a NoSQL database. In a NoSQL database, traditional SQL injection should not pose a risk to the system.

      In the paper “Security Enhancement for Data Migration in the Cloud”, J. R. N. Sighom et al. discuss securing data in the cloud as one of the key concerns. To maintain the privacy and security of data, the researchers combined several algorithms: IDA (Information Dispersal Algorithm), SHA 512 (Secure Hash Algorithm), and AES 256 (Advanced Encryption Standard). The encrypted data is split into several parts. During the decoding process, the validation stages are observed first. IDA is used after the reconstruction of encrypted data, and it is reconverted into the initial data using AES 256. Consistent with the result, the common execution time is higher when the decoding time process is verification 1.453 [6].

      Researchers have also tried to improve the security of data in the cloud by using the DES (Data Encryption Standard) and AES (Advanced Encryption Standard) algorithms together. Cloud computing describes the set of resources or services offered over the internet to meet the requirements of cloud providers [7].

      Cloud computing systems have come a long way in implementing and executing applications in a sandboxed environment, minimizing threats and maximizing reliability, scalability, availability, and security. There has been much research on making cloud platforms interoperable between multiple organizations by organizing and reorganizing the cloud federation [8, 9], i.e., giving companies the power to collaborate and share resources with each other. Multiple federation architectures have been proposed, such as cloud brokering, aggregation, and cloud bursting, and work continues to find the most suitable among them [10]. However, there have been issues of portability and interoperability among them [11]. Primarily, the partially coupled federation is followed, where the company's private servers and the services hosted on the public cloud are interoperable, and resources are shared between the servers depending on the flow of traffic and load.

      1.3.1 Proposed System Design and Architecture

Schematic illustration of the proposed system design architecture.

      1.3.2 Modules

       1.3.2.1 Compute Instances

      Provisioned in the VPC, the API Gateway facilitates the use of a REST API to gather data requested from the web application and provides public endpoints for future expansion of the client-side architecture.

       1.3.2.3 Storage Bucket (Amazon S3)

      In our proposed architecture, we are using Amazon Simple Storage Service (Amazon S3), which provides secure, highly scalable, and durable object storage. Simply log in and seamlessly move and share data stored in S3 across any storage resources using a unified, intuitive interface. Here, we are storing data such as large files and databases, which are being shared among themselves. In our proposed model, we have stored the static data or data at rest (i.e., objects) in Amazon S3.

       1.3.2.4 Lambda

      AWS Lambda is a compute service that is activated on demand. In our proposed model, we have used AWS Lambda to reduce the size of files by compressing them as much as possible before they are stored in a storage bucket. Whenever an object is sent to a storage bucket from the server, Lambda is called. It takes the object from the storage bucket, compresses it to reduce its size, and stores it in another storage bucket, with the data encrypted at rest.
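A sketch of the compression step described above, as an added example rather than the authors' code. The bucket names, the `DEST_BUCKET` environment variable, the choice of gzip and of S3-managed encryption (`AES256`) are assumptions; `FakeS3` is a constructed stand-in so the logic runs without AWS.

```python
import gzip, io, os, urllib.parse

def compress_to_bucket(s3, src_bucket, key, dst_bucket):
    # Writing back into the triggering bucket would invoke the function again.
    if dst_bucket == src_bucket:
        raise ValueError("destination must differ from the source bucket")
    body = s3.get_object(Bucket=src_bucket, Key=key)["Body"].read()
    packed = gzip.compress(body)
    # Ask S3 to encrypt the stored copy at rest.
    s3.put_object(Bucket=dst_bucket, Key=key + ".gz", Body=packed,
                  ContentEncoding="gzip", ServerSideEncryption="AES256")
    return len(body), len(packed)

def handle_event(event, s3, dst_bucket):
    sizes = []
    for rec in event["Records"]:
        bucket = rec["s3"]["bucket"]["name"]
        # Object keys arrive URL-encoded in S3 event notifications.
        key = urllib.parse.unquote_plus(rec["s3"]["object"]["key"])
        sizes.append(compress_to_bucket(s3, bucket, key, dst_bucket))
    return sizes

def lambda_handler(event, context):
    import boto3  # imported here so the helpers above run without the AWS SDK
    return handle_event(event, boto3.client("s3"), os.environ["DEST_BUCKET"])

class FakeS3:
    """Constructed in-memory stand-in for the two S3 calls used above."""
    def __init__(self, objects):
        self.objects = dict(objects)
        self.put_args = []
    def get_object(self, Bucket, Key):
        return {"Body": io.BytesIO(self.objects[(Bucket, Key)])}
    def put_object(self, **kw):
        self.put_args.append(kw)
        self.objects[(kw["Bucket"], kw["Key"])] = kw["Body"]

def demo():
    # Constructed upload and the matching S3 event record.
    s3 = FakeS3({("uploads", "report 1.csv"): b"id,value\n" * 500})
    event = {"Records": [{"s3": {"bucket": {"name": "uploads"},
                                 "object": {"key": "report+1.csv"}}}]}
    return s3, handle_event(event, s3, "archive")

if __name__ == "__main__":
    print(demo()[1])
```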

       1.3.2.5 Load Balancer

      Load imbalance is a serious problem that inhibits the performance and efficiency of compute resources. In our proposed model, the load balancer distributes the incoming traffic or load equally among the compute instances to keep the server balanced. Problems like server overload or under-load can be avoided by using a load balancer. A load balancer improves real-time constraint parameters such as response time, execution time, and system stability [12].

       1.3.2.6 Internet Gateway

      In our proposed model, the Internet Gateway links the Virtual Private Cloud (VPC) with the public internet.

       1.3.2.7 Security Groups

      Security groups are instance-level firewalls. Security groups can be configured to stop incoming and outgoing traffic in instances. In our proposed model, an advantage of using security groups is that it is a stateful service, which means