
Evaluation of Cloud Security under Firewalls

Ankush Vee
Graduate Project, Spring 2012

Committee Members: Dr. Mario Garcia, Dr. Long Zhuang Li, Dr. David Thomas

Outline
- Aims and Objectives
- Cloud Security Issues
- Existing models
- Proposed model
- Simulations
- Results
- Conclusion and Future work
- Demo
- References

Aim
To evaluate cloud performance under a secure firewall implementation and to block unwanted web traffic, using OPNET IT Guru simulation.

Objective
- To review the cloud security issues and the current security models
- To propose a new security model for cloud data and information security
- To design the simulation using OPNET IT Guru and create three scenarios
- To measure the performance of the cloud under these three scenarios using some performance metrics
- To compare the scenario results and corresponding graphs and to evaluate the performance of the cloud

Cloud Security Issues


- Privacy issues
- Availability and backup
- Access issues
- Trust
- Illegal secondary usage
- Data proliferation issues

Existing models
Cloud cube model
- Organization boundaries
- Open/proprietary
- Perimeterised/De-perimeterised
- Insourced/Outsourced nature of cloud

Data security model
- User authentication
- Data encryption process
- Fast recovery data

Proposed model
Here, three scenarios are created:
- No Firewall scenario
- Firewall scenario
- Firewall scenario: Blocking Web access

No firewall scenario:
The objective of this scenario is to impose no firewall conditions across the network.

To set up this network, the following objects are needed:

- The application configuration object is used to define the applications
- The profile configuration object is used to define the application profiles
- The Ip32_cloud object is used to act as the internet cloud

- The 10BaseT_LAN object is used to act as the home office, which supports 150 workstations
- Two ppp_server objects are used to act as the database server and web server
- Two ethernet4_slip8_gtwy objects are used to act as the east router and west router

A heavy database access application is used in this simulation so that more database queries are imposed on the database server.

Figure 1. No firewall scenario

Firewall scenario
- The scenario is duplicated to create the required firewall scenario.
- Here, a firewall router is created.
- A constant packet latency of 0.05 seconds is imposed for packet filtering.

Firewall scenario: Block Web access
This scenario is created by duplicating the second scenario; the aim is to block unauthorized web access.

Simulation procedure
OPNET IT Guru as simulation tool:
- Provides a rich user interface
- Has an object palette
- Compare scenarios
- Three levels of performance metrics

Simulation of No firewall scenario
Application Configuration settings:
- Rename a row as Database and choose the heavy load database against the Database application
- Rename another row as web and choose heavy browsing against the HTTP application

Figure 2. Application configuration settings


Profile configuration settings

Figure 3. Database profile configuration

Figure 4. Web profile configuration


Cloud configuration:
- The packet latency is set to 0.05 seconds, which indicates that the maximum packet delay across the cloud due to the web and database applications is 50 ms.
- Each and every packet is processed across the cloud with this limited delay.

Figure 5. IP32 Cloud configuration

West router and East router Configuration:
- An ethernet4_slip8_gtwy object is dragged from the object palette and renamed as Router_West.
- The routers are connected to the IP32 cloud using PPP_DS1 links.

Figure 6. West and East router configuration

Home office configuration:
- The number of workstations is set to 150.
- The Database profile is added and the number of users is set to 50.
- Another profile is set to the web profile and the number of users is set to 100.

Figure 7. Home office configuration


Server Configuration:
- Two PPP servers are dragged from the object palette and set as the database server and the web server.
- Right-click on the database server and choose Edit Attributes.
- Edit the application supported profiles and set the Database application as supported.

Figure 8. Database server configuration

Performance metrics:
OPNET IT Guru provides three levels of performance evaluation: the global level, the node level and the link level.

Figure 9. Three levels of performance metrics


Figure 10. Global statistics

Figure 11. Node statistics

Figure 12. Link statistics


Simulation of firewall scenario
- For the model option, choose ethernet2_slip8_firewall so that the router now acts as a firewall.
- The Proxy Server Information option is expanded and row 1 is edited so that the latency is set to a constant value of 0.05.

Figure 13. Procedure to duplicate scenario


Figure 14. Firewall configuration

Figure 15. Firewall scenario setup


Simulation of Firewall blocking scenario:
- Expand the Proxy Server Information and choose row 4, i.e. HTTP.
- Set the Proxy Server Deployed option to No.

Figure 16. Blocking web traffic
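
The effect of the Proxy Server Deployed setting across the three scenarios can be sketched in a few lines of Python. This is an added example, not part of the original slides or of OPNET: the class and function names, the one-packet-per-user sample traffic, the series addition of cloud and firewall latency, and the deny rule for unlisted applications are assumptions of the model.

```python
from dataclasses import dataclass

CLOUD_LATENCY_S = 0.05  # IP32 cloud packet latency from the slides


@dataclass(frozen=True)
class ProxyRow:
    """One row of the firewall's Proxy Server Information table (modelled)."""
    deployed: bool     # "Proxy Server Deployed": Yes/No
    latency_s: float   # constant per-packet filtering latency


# Hypothetical tables mirroring the three scenarios; None = no firewall in path.
FIREWALL = {"Database": ProxyRow(True, 0.05), "HTTP": ProxyRow(True, 0.05)}
BLOCK_WEB = {**FIREWALL, "HTTP": ProxyRow(False, 0.05)}
SCENARIOS = {"no_firewall": None, "firewall": FIREWALL,
             "firewall_block_web": BLOCK_WEB}


def forward(app, table):
    """Return the one-way delay in seconds, or None if the packet is dropped."""
    if table is None:
        return CLOUD_LATENCY_S
    row = table.get(app)
    if row is None or not row.deployed:   # assumption: unlisted apps are denied
        return None
    return CLOUD_LATENCY_S + row.latency_s  # assumption: delays add in series


def run(scenario, packets):
    """Count forwarded/dropped packets per application for one scenario."""
    stats = {}
    for app in packets:
        s = stats.setdefault(app, {"forwarded": 0, "dropped": 0, "delay_s": None})
        delay = forward(app, SCENARIOS[scenario])
        if delay is None:
            s["dropped"] += 1
        else:
            s["forwarded"] += 1
            s["delay_s"] = delay
    return stats


# Constructed sample: one packet per home-office user (50 Database, 100 HTTP).
TRAFFIC = ["Database"] * 50 + ["HTTP"] * 100

if __name__ == "__main__":
    for name in SCENARIOS:
        print(name, run(name, TRAFFIC))
```

In the blocking scenario all 100 HTTP packets are dropped at the firewall while the 50 Database packets are still forwarded with the added filtering delay.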


Running the simulation:

Figure 17. Manage scenarios

Figure 18. Simulating scenarios for One hour


Results
Results for Database application
Database query response time: This indicates overall performance of the database application

When the unwanted web traffic is blocked, the overall performance of the database application is enhanced and also the security across the cloud is enhanced.

Figure 19. DB query response time


Server DB query load: The overall load on the database server is estimated.

When there is a firewall over the network, the overall load on the database server is increased due to the additional security firewall policies.

Figure 20. DB server query load


Database server point-to-point utilization: This indicates the application performance against the key security issues.

The point-to-point utilization of the database server is increased when there is a firewall across the cloud.

Figure 21. DB server point-to-point utilization


Results for web application
Page response time for the no firewall scenario: The average response time is constant across the simulation and the maximum time consumed in this context is one minute.

The flow of the web application is constant across the cloud without any limitations.

Figure 22. HTTP response time

Page response time across the firewall scenarios: The average maximum page response time across the web application is 6 seconds.

From the overall analysis it can be understood that blocking the web traffic will increase the page response time.

Figure 23. HTTP response time

Cloud performance
Point to point cloud utilization across west router:
This indicates the overall point-to-point cloud utilization across the west router.

The overall utilization of the cloud can be optimized when the web traffic is blocked using the firewalls.

Figure 24. Cloud utilization across west router


Conclusion
- Providing security to the database resources and web resources is a tedious task.
- A new security model is proposed and the proposed design is explained; OPNET IT Guru is used for simulation.
- From the overall analysis of the results, the proposed firewall model is well suited to enhancing the database application.

Future work
- More applications can be used to evaluate the performance of the proposed security model.
- Combined clouds and hybrid clouds can be used in future to evaluate the security requirements.

Demo

Figure 25. OPNET home screen
