DOI: 10.5176/978-981-08-5837-7_215
Authors: Peter H. Chang
Abstract:
Traditionally, software runs on dedicated hardware that was allocated days or months in advance as its running platform. The hardware was expected to scale to accommodate more software, at least for a considerable period of time in the near future. In a client-server environment, a client is preconfigured to select one of multiple hardware servers to obtain services that run as software. More recently, grid systems have provided clusters of hardware as running platforms for purposes such as load balancing, in the sense that a hardware platform with a lesser load is selected to run a software application that is about to be launched.
Cloud computing allows software to be run on virtual machines, which are allocated at a moment’s notice. As more pieces of software are to be run, more virtual machines can be created and configured to support them. As powerful and flexible as cloud computing is, there are security risks that must be mitigated. One is memory piracy and the second is network interception. Memory piracy is a risk because many virtual machines could reside on the same physical server and use shared memory space. A consumer (or user) of one virtual machine could potentially peek into the memory space of another virtual machine and steal sensitive data belonging to the consumer of that other virtual machine.
Network interception is a risk because an internet hacker could intercept data packets and identify sensitive information in messages exchanged between the consumer client and a virtual machine. Managing cloud computing objects for potentially thousands of consumers is a complex task. The paper proposes selective encryption strategies for securing these objects, which include, but are not limited to, the following:
1. Identify persistent objects and reduce redundancies in their storage or referencing locations by using object-oriented modeling techniques with the Unified Modeling Language (UML).
2. Encrypt pre-selected essential object data.
3. Store the encryption keys and essential object data in a random access file, which allows faster retrieval of data and adds an extra layer of security.
4. Retrieve an encryption key and decrypt object data when needed.
The paper provides an example of selective encryption and concludes with a description of the advantages of the proposed selective encryption strategy.
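Steps 2 to 4 above, sketched as an added Go example; it is not code from the paper. The cipher (AES-256-GCM), the fixed-width slot layout and the names `PutEssential`, `GetEssential` and `gcmFor` are assumptions made for illustration, and the sample field value is constructed.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"os"
)

// Assumed slot layout: 32-byte key | 12-byte nonce | AES-GCM(field padded to 64 B) | 16-byte tag.
const keyLen, hdr, fieldLen, slotSize = 32, 32 + 12, 64, 32 + 12 + 64 + 16

func gcmFor(key []byte) cipher.AEAD { // key is always 32 bytes here, so neither call can fail
	blk, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(blk)
	return gcm
}

// PutEssential encrypts one pre-selected field under a fresh key and stores both in slot idx.
func PutEssential(f *os.File, idx int64, field string) error {
	if len(field) > fieldLen {
		return fmt.Errorf("field too long for slot %d", idx)
	}
	slot := make([]byte, hdr, slotSize)
	if _, err := rand.Read(slot); err != nil { // fresh key and nonce for this object
		return err
	}
	padded := append([]byte(field), make([]byte, fieldLen-len(field))...) // hides field length
	slot = gcmFor(slot[:keyLen]).Seal(slot, slot[keyLen:hdr], padded, nil)
	_, err := f.WriteAt(slot, idx*slotSize)
	return err
}

// GetEssential jumps to slot idx by offset, retrieves its key and decrypts the field.
func GetEssential(f *os.File, idx int64) (string, error) {
	slot := make([]byte, slotSize)
	if _, err := f.ReadAt(slot, idx*slotSize); err != nil {
		return "", err
	}
	p, err := gcmFor(slot[:keyLen]).Open(nil, slot[keyLen:hdr], slot[hdr:], nil)
	return string(bytes.TrimRight(p, "\x00")), err // fields must not end in NUL bytes
}

func main() {
	f, _ := os.CreateTemp("", "objects-*.dat")
	defer os.Remove(f.Name())
	_ = PutEssential(f, 3, "constructed-card-number")
	fmt.Println(GetEssential(f, 3))
}
```

Because the key sits in the same slot as the ciphertext in this assumed layout, anyone who can read the file can decrypt it, so the file needs its own access controls.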