Exploring and Cataloging Cloud Computing Security issues via FutureGrid
Abstract
A mention of the word "Cloud Computing" mostly comes with the question "How safe is Cloud Computing?", however the benefits that it offers in terms of improved costs and better performance via distributed computing resources in virtualized infrastructures and grid clusters makes it inevitable to use now and a lot more in the future. Over time a number of cloud service models have developed based on the kind of services and resources they provide, and a number of organizations are working actively to make the cloud safe for users.
This projects aims to develop a framework for classifying and determining the various risk factors and vulnerabilities affecting cloud computing deployments within various services models by harmonizing existing classifications by Cloud Security Alliance(CSA) and Open Web Application Security Project(OWASP) with other recommendations from industry experts in private, public and government sectors.
Relevant tools for assessing vulnerabilities and risks will be used, and other tools and utilities for the management and understanding of cloud security is expected to be developed over time. The project will start with cataloging and classifying a few security issues that currently exists in the domain from various users before being developed into a wider framework based on input from other researchers and interested parties.
Intellectual Merit
This project will benefit both the academic community in the US and worldwide as more collaborators are involved. It will also help to understand cloud computing better and develop ways to help in improving services by reducing or mitigating the risks that may affect better services.
Broader Impact
The benefits that a better understanding of security in cloud computing offers is not restricted to academia but will provide various industries and people in the private, public and government sectors additional knowledge and resources that will promote better and safer business and economic transactions via distributed computing resources that the cloud offers.
Use of FutureGrid
We expect to deploy resources in a Hybrid cloud environment whereby the interactions between the private and public clouds will be examined. Some of these is expected to be done in collaboration with existing users of FutureGrid.
Relevant network assessment and monitoring tools will be used to determine areas of vulnerabilities under different experimental conditions and environments.
Scale Of Use
About 2 times a week after which initial results will be examined and new scenarios will be introduced.
Futuregrid is a resource provider for