International Journal of Information Security and Software Engineering

Open Access  Subscription or Fee Access

Cloud computing becomes popular as the next infrastructure of computing platform. Despite the promising model and hype surrounding, security has become the major concern that people hesitate to transfer their applications to clouds. Concretely, cloud platform is under numerous attacks. As a result, it is absolutely anticipated to establish a firewall to guard cloud from these attacks. However, setting up a centralized firewall for a whole cloud data center is infeasible from both performance and financial aspects. In the present paper, we offer a decentralized cloud firewall framework for individual cloud customers. We investigate how to dynamically allocate resources to optimize resources provisioning cost, while satisfying QoS requirement specified by individual customers simultaneously. Likewise, we found novel queuing theory based model M/Geo/1 and M/Geo/m for quantitative system analysis, where the service times follow a geometric distribution. By employing Z-transform and embedded Markov chain techniques, we obtain a closed-form expression of mean packet response time. Through extensive simulations and experiments, we accomplish that an M/Geo/1 model reflects the cloud firewall real system much better than a traditional M/M/1 model. Our numerical results also indicate that we are able to set up cloud firewall with affordable cost to cloud customers.

Z. Xiao, Y. Xiao. Security and privacy in cloud computing, IEEE Commun Surveys Tuts. 2013; 15(2): 843–59p.

C. Hoff. (2008). Cloud computing security: From ddos attack (dis-tributed denial of service) to edos (economic denial of sustainability) [Online]. Available: http://www.rationalsurvivability.com/blog/?p=66.

T. Ristenpart, E. Tromer, H. Shacham, S. Savage. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds, In: Proc 16th ACM Conf Comput Commun Security. 2009, 199–212p.

K. Salah, K. Elbadawi, R. Boutaba. Performance modeling and analysis of network firewalls, IEEE Trans Netw Serv Manage. 2012; 9(1): 12–21p.