own applications and software stack. The customers have full control over operating
systems, storage, deployed applications, and possibly limited control of selecting
networking components (e.g., host firewalls). An example of IaaS is Amazon EC2
[2]. EC2 provides users with access to virtual machines (VM) running on its servers.
Customers can install any operating system and can run any application in that VM.
19.2.2 Big Data
With the advance of data storage and processing infrastructure, it is now possible to
store and analyze huge amounts of data. This has ushered in the age of Big Data, where
large-scale and high-volume collections of data objects require complex data collection,
processing, analysis, and storage mechanisms.
According to Gartner [6], “Big data are high volume, high velocity, and/or high
variety information assets that require new forms of processing to enable enhanced
decision making, insight discovery and process optimization.”
Existing database technology as well as localized data-processing techniques often
do not scale high enough to handle Big Data. Therefore, most Big Data-processing
techniques require the use of cloud computing to process the data.
19.2.3 What Makes Cloud Security Different?
Researchers have studied security and privacy issues in distributed computing systems
for a long time. However, several factors make cloud security different from
traditional distributed systems security. This is related to the fundamental nature of
clouds.
19.2.3.1 Multi-Tenancy
The first critical issue is the idea of multi-tenancy. A cloud is a multi-tenant model
by nature. This means that, at any given time, multiple (potentially unrelated) users
will be sharing the same physical hardware and resources in a cloud. This sharing of
resources allows many novel attacks to happen.
19.2.3.2 Trust Asymmetry
Next, cloud security is difficult because of the asymmetric trust relationship between
the cloud service provider and the customers/users. Today's clouds act like big black
boxes and do not allow users to look into the inner structure or operation of the cloud.
As a result, the cloud users have to trust the cloud provider completely. Cloud providers
also do not have any incentive to provide security guarantees to their clients.
19.2.3.3 Global Reach and Insider Threats
In most distributed systems, the main concern is defending the system against external
attack. Therefore, a lot of effort is directed toward keeping the malicious attackers
outside the system perimeter. However, in a cloud, the attackers can legitimately
be inside the system. All they need to do is to pay for the use of cloud resources. In
most clouds, anyone possessing a valid credit card is given access to the cloud. Using
this, attackers can get inside a cloud without actually violating any law or even cloud