Security for Cloud Based Services

Detta är en Master-uppsats från KTH/Radio Systems Laboratory (RS Lab); KTH/Radio Systems Laboratory (RS Lab)


Cloud computing is a new buzzword in the modern information technology world. Today cloud computing can be considered as a service, similar to the way that electricity is considered a service in urban areas. A cloud user can utilize different computing resources (e.g. network, storage, software application), whenever required, without being concerned with the complex underlying technology and infrastructure architecture. The most important feature is that the computing resources are available whenever they are needed. Additionally, users pay only for the resource they actually use. As a result, cloud users can easily scale their information technology infrastructure, based on their business policy and requirements. This scalability makes the business process more agile.

The motivation for this thesis was the need for a suitable set of security guidelines for ifoodbag (and similar companies) when implementing web applications in the cloud. The goal of this thesis is to provide security in a system, being developed in another Master’s thesis project, to implement the ifoodbag web application in a cloud. To achieve this goal, we began by identifying the risks, threats, and vulnerabilities in the system model proposed by these other students for their implementation. A study was made of several different security mechanisms that might reduce or eliminate risks and secure the most vulnerable points in the proposed system’s design. Tests of these alternatives were conducted to select a set of mechanisms that could be applied to the proposed system’s design. Justification for why these specific mechanisms were selected is given. The tests allowed the evaluation of how each of these different security mechanisms affected the performance of the system. This thesis presents the test results and their analysis. From this analysis a set of mechanisms were identified that should be included in the prototype of the system. In conclusion, we found that DNSSEC, HTTPS, VPN, AES, Memcached with SASL authentication, and elliptic curve cryptography gave the most security, while minimizing the negative impact on the system. Additionally, client & server mutual authentication and a multi-level distributed database security policy were essential to provide the expected security and privacy that users would expect under the Swedish Data Protection law and other laws and regulations.

  HÄR KAN DU HÄMTA UPPSATSEN I FULLTEXT. (följ länken till nästa sida)