Information Technology Reference
In-Depth Information
Figure 3. Lifecycle in Different Containers
vice deployers to control the lifecycle through the
remote tools provided.
Security in Containers
. Security (along with
availability) is probably the most important feature
that users expect from Clouds. The Container
must provide a safe environment to run, protect-
ing components from internal or external threats.
Security is a very complex aspect, and it must be
addressed with several measures at different parts
of the Cloud platform.
First, the Container must provide full
isolation
(Herzog et al. 2005) of components from different
application providers. For better resource usage,
it is likely that the same container will host com-
ponents from several different developers. This
should be totally transparent to them, and no
component shall be able to interfere with other
components. This implies, for example, that the
Container shall not allow components to use re-
sources without restriction, to avoid potential star-
vation situations due to one or more (malicious or
not) components exhausting or locking resources.
Instead, the Container will have to implement fair
resource sharing policies. As a result, the Container
will need resource accounting mechanisms. Also,
the Container shall be able to withdraw access to
resources to those components that exceed their
quota (e.g. avoid memory exhaustion because
of memory leaks from faulty components. Apart
from resource control, the Container must also
impose strict restrictions so components will not
be able to interfere to other components or to the
platform itself. Depending on the base platform
used, this can be troublesome. For example, the
Java platform provides Class Loaders to control
what functionality some code can access to.
However, this is not the only way for malicious
users to attack some other components in the same
environment, the are other well known problems
such as the visibility of object references in static
classes, possibility for malicious tenants to block
other tenants through shared data structures (such
as queues) or static synchronized methods.
Besides implementing secure multitenancy,
the Container must block external attacks. It is
reasonable to assume that many (if not all) services
hosted in the Cloud will be accessed through Web
interfaces. Thus, Cloud providers must focus on
defensive mechanisms against Web-attacks.
De-
nial of Service
,
Distributed DoS
,
SQL Injection
,
Search WWH ::
Custom Search