Toward a trusted framework for cloud computing

HICHAM TOUMI *, MOHAMED TALEA

KHADIJA SABIRI, AHMED EDDAOUI

Information Processing Laboratory, Department of Physical, Faculty of Science Ben M'sik, University Hassan II Casablanca, Morocco

Laboratory Information Technology and Modeling, Faculty of Science Ben M'sik, University Hassan II Casablanca, Morocco

Abstract— Cloud Computing is evolving as a key computing platform for sharing resources that include infrastructures, software, applications, and business. However, whether a cloud user can trust the security and reliability of cloud services is still a matter of great concern. Cloud Computing is enjoying incontestable success, which could be compromised by concerns about the risks of this model being misused to conduct illegal activities. There is a major need to bring security, transparency and reliability to the cloud model for client satisfaction. One of the security issues is how to reduce the impact of any type of intrusion in this environment. To counter these kinds of attacks, we propose a framework of cooperative Hybrid Intrusion Detection System (Hy-IDS) and Mobile Agents. Our Hybrid IDS consists of two types of IDS, which are dispatched over three layers of cloud computing. In the first layer, our framework collects, analyzes and detects malicious data using the first type of IDS and Mobile Agents. In case of attack, we collect at the second layer all the malicious data detected in the first layer in order to generate new signatures, based on a Signature Generation Algorithm (SGA) and a network intrusion detection system (NIDS). These new signatures are used to update the database of the IDS. The mobile agents play an important role in this collaboration. They are used in our framework to investigate hosts, transfer malicious data and transfer database updates to neighboring IDS in the cloud. The neighboring IDS then use these new signatures to protect their area of control against the same type of attack. By applying this closed-loop control, the collaborative network security management framework could identify and address new distributed attacks more quickly and effectively.
Keywords-Cloud Computing, Hy-IDS, Mobile Agents, Collaborative, Signature Generation Algorithm.

I. INTRODUCTION

Cloud computing is a distributed computing mechanism that uses high-speed networks and highly scalable distributed computing platforms in which computational resources are offered 'as a service'. It provides dynamically scalable infrastructure or virtualized resources in the form of services over the Internet. Cloud computing is an evolving concept that describes the development of many existing technologies and approaches to computing into something different [1]. It is a model for enabling scalable, on-demand network access to a shared pool of configurable computing resources that can be provisioned ubiquitously and released with minimal management effort and cloud service provider interaction [2]. Also, it provides a shared pool of resources, including data storage space, networks and computer processing power [3]. Cloud enhances collaboration, flexibility, scaling, and availability, and provides the potential for cost reduction through optimized and efficient computing. At the same time, the transformational nature of the cloud is associated with significant security and privacy risks. Despite all these benefits, the adoption of cloud computing is still being resisted by users for security reasons; the fast growth of cloud computing technology introduces more vulnerabilities. Traditional security mechanisms like authentication, identity and authorization have proven to be insufficient in their present form for securing virtualized cloud environments. This insufficiency is due to the resources being completely distributed and heterogeneous [4]. Security is considered to be one of the most critical aspects of a cloud computing environment because of the confidential and important information stored in the cloud. Traditional security solutions, such as HIDS and NIDS, are widely deployed on several models and security policies. They play an important role in protecting the network from attempted intrusions. After a thorough study, we found that most of these appliances work without collaboration, so their detection results are isolated and cannot be collected and analyzed systematically. For this reason, we present a new security policy, which allows the detection of distributed attacks such as Denial of Service (DoS) and Distributed Denial of Service (DDoS). We present a smart framework for intervention in case of attack. This framework is based on collaborating Hybrid Intrusion Detection System (Hy-IDS) and Mobile Agents in the Cloud (offering IaaS).
Hy-IDS is based on two types of IDS. This collaboration allows the first type of IDS, which uses mobile agents, to collect evidence of an attack from all the attacked VMs for further analysis and auditing. Moreover, after detecting attacks, the first type of IDS notifies the second type of IDS, by transferring mobile agents, so that it generates new signatures. Finally, the new signatures are used to update the IDS database belonging to the neighboring domain under the direction of a cloud administrator [1]. The rest of this paper is organized as follows: Section II presents the theoretical background and discusses some related works in the area of Mobile Agent-based IDS and NIDS. Section III forms the core of this paper and describes our approach in detail. The proposed framework is discussed in Section IV; finally, we give the conclusion, perspectives and references in Section V.

978-1-4673-8149-9/15/$31.00 ©2015 IEEE

II. THEORETICAL BACKGROUND AND RELATED WORK

In this section, we start with the theoretical background, which mainly covers Cloud Computing and virtualization, and then turn to Related Work.

A. Cloud Computing

Cloud computing provides computation, storage services, data access and software that may not demand end-user knowledge of the physical location and the configuration of the system that is delivering the services [5]. Cloud computing makes better use of distributed resources, combining them to achieve higher throughput and to solve large-scale computation problems [1][6]. Cloud computing provides dynamically scalable and virtualized resources as services over the Internet. It uses virtualization, service-oriented software, and grid-computing technologies, among others. The consumers' requirements can potentially vary over time and changes must be accommodated. In Cloud computing platforms, resources therefore need to be dynamically configured and aggregated via virtualization. A Cloud computing system consists of a collection of inter-connected and virtualized computers dynamically provisioned as one or more unified computing resource(s) through negotiation of service-level agreements (SLAs) between providers and consumers [7]. The National Institute of Standards and Technology (NIST) defined cloud computing as follows: "Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction [8]". NIST also defines cloud computing by describing five essential characteristics, three cloud service models, and four cloud deployment models [9]. Cloud infrastructures are based on virtualization technology with hypervisors to transparently allocate resources of physical hosts for a service provider's virtual machines (VMs). A main benefit of virtualization is to allow running multiple operating systems on a single physical system where underlying hardware resources are shared [9]. Virtualization technology is the subject of the second part.

B. Virtualizing the Cloud Computing Infrastructure

Virtualization, which proposes a crucial change from physical to logical, improves IT resource utilization by using a company's physical resources as pools from which virtual resources can be dynamically allocated. By using virtualization technology in an environment, we are able to consolidate resources such as processors, services, storage, and networks into a virtual environment. Virtualization allows the creation of numerous virtual systems within a single physical system; virtual systems are independent operating environments that use virtual resources. When considering virtualization, it is often unclear which virtualization technique has to be used. There are three types of virtualization: Para virtualization, Container virtualization and Full virtualization [10] [11] [12] [13].

C. Intrusion Detection Systems (IDS)

Intrusion Detection Systems (IDS) are among the fundamental tools for defending computational and networking infrastructures from malicious behavior. IDS are normally deployed on dedicated hardware at the edge of the defended networking infrastructure, in order to protect it from external attacks. The Intrusion Detection Service (IDS) increases the Cloud's security level by providing two methods of intrusion detection. The first is the behavior-based method, which compares recent user actions to the usual behavior. The second is the knowledge-based method, which detects known trails left by attacks or certain sequences of actions from a user that might represent an attack. The audited data is sent to the IDS service core, which analyzes the behavior using artificial intelligence to detect deviations. This core has two subsystems, namely the analyzer system and the alert system. In order to detect the intruders the following techniques should be implemented in either HIDS or NIDS [1] [14].

D. Signature Generation Algorithm

The IDS should be updated quickly so that the system prevents new attacks. However, instead of finding new types of attack, an attacker tries to remain unnoticed by evading the signatures used by the system. Taking NIDS as one of the types of IDS, a real-time evasion IDS (e.g., NIDS) is created using the signature generation algorithm (e.g., Apriori Algorithm, Signature Apriori Algorithm). The aim of evasion is not to break the NIDS system but to make the system sturdier. Different sessions of attacks are given as input to the signature generation algorithm. Rules are generated by the signature generation algorithm according to support and confidence values. These rules are given to the NIDS. When an attack is generated for which a signature is stored in the NIDS database, it generates an alarm.
If the NIDS fails to generate an alarm, the evasion is successful. So we found out different types of evasion [1].

E. Relevant Works and Limitations

According to our study of the literature, there are few works that combine IDS, NIDS and mobile agents in the cloud. In this section, we present three works: the first is based on Snort combined with a signature apriori algorithm, the second is based on IDS and mobile agents, and the last one is based on mobile agents.

In the first work, Chirag N. Modi et al. propose a framework integrating a network intrusion detection system (NIDS) in the Cloud. The NIDS module consists of Snort and a signature apriori algorithm. It generates new rules from captured packets. These new rules are appended to the Snort configuration file to improve the efficiency of Snort. The objective of this approach is to reduce the impact of network attacks (known attacks as well as derivatives of known attacks). The network may be an external network or an internal network. Snort monitors the network packets and allows or denies them based on the configured rules. So, derivative attacks can be detected by Snort [15]. But this work is unable to detect intrusion at the hosts, and Distributed Denial of Service (DDoS) attacks.

In the second work [16], the VMs are attached to an MA which collects evidence of an attack from all the attacked VMs for further analysis and auditing. The data then has to be correlated and aggregated to detect distributed attacks. This work tried to offer a line of defense by applying mobile agent technology to provide intrusion detection for cloud applications regardless of their locations. Thus, it builds a robust, distributed hybrid model that is a scalable, flexible and cost-effective method based on mobile agents (MA). This kind of work is limited to the detection of attacks at machines. The authors did not consider monitoring network traffic simultaneously.

The third work is essentially the proposal of an architecture that can respond to user needs through secure access to cloud computing with mobile agents. The architecture of A. Alwesabi et al. is based on mobile agents whose goal is secure communication in cloud computing. The concept of the mobile agent appears in this context as a solution to facilitate the implementation of dynamically adaptable applications, and provides a generic framework for the development of cloud computing applications [17][1]. But they did not exploit mobile agents for security against intrusion attacks.

From this, we found the need for collaboration between several security solutions. This collaboration is mainly based on mobile agents. We exploit mobile agents for security against intrusion attacks and, at the same time, as a communication tool between the different layers of cloud computing. For this reason, we combine the strengths of these previous works in our approach. We discuss the advantages of this collaboration in the next section.

III. OUR TRUST FRAMEWORK FOR CLOUD ARCHITECTURE

Our approach is based on improving and supporting collaboration among the Hybrid Intrusion Detection System (Hy-IDS), the Signature Generation Algorithm (SGA) and Mobile Agents (MA). We start this section with the objectives of the proposed framework and its overall architecture, highlighting its four main layers and overall functioning.

A. The Objectives of the Framework

The objectives of our framework are divided into three main points as follows:

- In the virtual environment (e.g. Virtual Machines), the detection of intrusion is based on IDS and Mobile Agents. We use IDS-C, which combines an IDS with the living environment of mobile agents; it uses mobile agents to collect evidence of attack from all the attacked VMs for further analysis and auditing. Thus, in case of attack, IDS-C aggregates the malicious data and places it in a temporary database.
- Using the malicious data collected in the first part for the generation of new signatures. For this reason, we use IDS-Cr, which consists of an IDS and a Signature Generation Algorithm; IDS-Cr uses Mobile Agents for the aggregation and collection of malicious data from the lowest layer (temporary database). Then, IDS-Cr uses all the malicious data collected from the different IDS-C (each IDS-C contains a temporary database) to generate new signatures through a Signature Generation Algorithm.
- Using the newest signatures to update the database of IDS-Cr; this IDS-Cr may belong to the domain that created the new signatures or to a neighboring domain.

B. Our Proposed Hybrid Framework

a) Components of our framework

In figure 1, our Hybrid Intrusion Detection System (Hy-IDS) combines Intrusion Detection System Center (IDS-Cr), Intrusion Detection System Control (IDS-C) and Intrusion Detection System Master (IDS-M). The IDS-Cr consists of an Intrusion Detection System (IDS) and a Signature Generation Algorithm (SGA); the IDS-C combines an IDS with the living environment of mobile agents, named Agents Agency (AA). The IDS-M is based on an Intrusion Detection System (IDS) and the living environment of mobile agents, named Agents Agency (AA). Concerning the types of IDS, there are network-based (NIDS) and host-based (HIDS) intrusion detection systems. Some systems may attempt to stop an intrusion attempt, but this is neither required nor expected of a monitoring system. Finally, mobile agents are used to ensure communication between the IDS-C, IDS-Cr and IDS-M [1].

Figure 1. Components of our Hy-IDS
(Legend: Hy-IDS: Hybrid IDS; IDS-C: IDS Control; IDS-Cr: IDS Center; IDS-M: IDS Master; SGA: Signature Generation Algorithm; IDS: Intrusion Detection System; AA: Agents Agency)

- Intrusion Detection System (IDS): IDS have the ability to perform real-time traffic analysis and packet logging. IDS perform protocol analysis, content searching and content matching. It comprises multiple components that communicate with each other in order to detect intrusion according to its signature database. It is configurable and constantly updated.
- Signature Generation Algorithm (SGA): Different sessions of attacks are given as input to the Signature Generation Algorithm (e.g., Apriori Algorithm and Signature Apriori Algorithm). Rules are generated by the Signature Generation Algorithm according to support and confidence values. These rules are given to the IDS. When an attack is generated for which a signature is stored in the IDS, it generates an alarm [1].
- Agents Agency: An agency provides an environment for mobile agents to become alive. An agency is responsible for hosting and executing agents in parallel and provides them with an environment so that they can access services, communicate with each other, and migrate to other agencies. Also, an agency protects the underlying VMs from unauthorized access by malicious agents [1].

b) Architecture of our cloud computing

As shown in Figure 2, the Cloud is regarded as a front-end and a back-end. The front-end is used by the user to communicate with Cloud Computing. It is connected to both the external network and the internal network. It is represented in figure 2 by the Cloud-Layer, which includes only the Cloud Controller (CLC). The back-end platform consists of computer hardware and software (servers, storage) that are designed for the delivery of services. Combined, these components make up the cloud computing architecture. The back-end processes the user's query and executes it to allow access to VM instances. It is represented in figure 2 by the Cluster-Layer, which includes only the Cluster Controller (CC), the Node-Layer, which includes only the Node Controller (NC), and the VM-Layer, which includes only the Virtual Machines (VMs).

Figure 2. Our cloud computing
(Legend: 1): Cloud-Layer; 2): Cluster-Layer; 3): Node-Layer; 4): VM-Layer)

The Cloud Controller provides endpoints for clients to access the system. The Cloud Controller maintains a database with tables for apps, services, user roles, orgs, spaces and service instances. The CLC acts as the administrative interface for cloud management and performs high-level resource scheduling. Only one CLC can exist per cloud, and it handles reporting, authentication and accounting. The Cluster Controller (CC) acts as the front end for a cluster within a cloud and communicates with the Cloud Controller and the Node Controller. It manages instance (i.e., physical servers or virtual machines) execution and Service Level Agreements (SLAs) per cluster. A cloud can, however, have multiple clusters. The Node Controller (NC) operates at the level of the physical server; it hosts the virtual machine instances and manages the virtual network endpoints.

c) Building a Solution Framework

Following the presentation of the components of our Hy-IDS and of the cloud model proposed in the previous part, we superimpose our Hy-IDS on the cloud computing model in Figure 3. The delivery of services at the Infrastructure-as-a-Service level (IaaS level) mainly depends upon virtualization [18]. Virtualization is basically the emulation of the software and/or hardware upon which other software runs, and this emulated environment is known as a Virtual Machine (VM) [19]. It improves the performance and efficiency of a server by running different operating systems (guest OS installed on a VM) on the same physical machine, where underlying hardware resources are shared. Using virtualization, better hardware utilization, scalability and load balancing can be achieved through dynamic provisioning and migration of VMs [20, 22]. These VMs are further managed by hypervisors, also known as Virtual Machine Monitors (VMM), which are basically installed on server hardware [20, 21] [23].

Figure 3. The Hierarchy of our cloud computing

Thus, as shown in figure 3, we use the VMM in our framework to ensure a new level of trust in the VMs. We place the components of IDS-C at the level of nodes (physical servers) for monitoring virtual machines; more precisely, we place IDS-C at the level of the VMM. At the same time, we place specific static agent detectors (SA) and sensors (SN) at the level of VMs. Our IDS-C allows the detection of intrusions and the aggregation of malicious data using mobile agents. Next, we place IDS-Cr in the cluster front-end (CC) for monitoring a set of nodes; it also generates new signatures. Finally, we place IDS-M in the cloud front-end (CLC) for monitoring a set of clusters and managing updates.

d) Functioning of Our Framework

VM-layer and Node-layer constitute the fundamental design of our proposed framework. Each node consists of three main components, namely IDS Control (IDS-C), Agents Agency (living environment of mobile agents) and Specific Static Agent Detectors (SA).

Static Agents (SA) are placed at the level of virtual machines. They generate an alert whenever they detect suspicious activities, then send the alert's ID to IDS-C. In this case, IDS-C sends an Investigative Mobile Agent (IMA) with a specific task to each agency (VM) that sent similar alerts. The IMA visits and investigates all those VMs to collect information that confirms the existence of an intrusion. It carries the result back to the IDS Control for advanced analysis. In case of attack, IDS-C aggregates the malicious data and places it in a temporary database. Then, IDS-C uses Transfer Mobile Agents (TMA) to notify the IDS-Cr placed in the cluster layer, as shown in figure 4. Next, IDS-Cr dispatches Investigative Mobile Agents (IMA) to every IDS-C that sent a TMA, to aggregate and collect their malicious data from the temporary database. Then, IDS-Cr uses all the malicious data collected by the IMA to generate new signatures through a Signature Generation Algorithm (SGA) at the level of IDS-Cr.

Figure 4. Overall architecture
(Legend: 1: attack detection on VMs; 2: aggregation of data from multiple IDS-C; 3: new signatures; 4: updates neighboring cluster. CLC: Cloud Controller; CC: Cluster Controller; IDS-M: IDS Master; IDS-Cr: IDS Control Center; IDS-C: IDS Control; IMA: Investigative Mobile Agent; TMA: Transfer Mobile Agent; UMA: Update Mobile Agent; VMM: Virtual Machine Monitor; VM: Virtual Machine; DB: Database)
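The closed loop described in this section, as an added example that is not part of the paper: classic Apriori stands in for the Signature Generation Algorithm (the paper names Apriori and Signature Apriori but gives no implementation), run over constructed sessions from two IDS-C temporary databases, with the resulting signatures pushed to the neighbouring cluster databases. The feature tokens, class and function names and the thresholds are assumptions, and the mobile-agent transfers (IMA, TMA, UMA) are modelled as plain function calls.

```python
from itertools import combinations

# Constructed sample data: malicious sessions held in the temporary databases
# of two IDS-C nodes. Feature tokens are assumptions made for this example.
TEMP_DB = {
    "IDS-C/Node_1": [
        {"proto=tcp", "dport=80", "flags=SYN", "len=0"},
        {"proto=tcp", "dport=80", "flags=SYN", "len=0", "ttl=64"},
        {"proto=tcp", "dport=443", "flags=SYN", "len=0"},
    ],
    "IDS-C/Node_2": [
        {"proto=tcp", "dport=80", "flags=SYN", "len=0", "ttl=128"},
        {"proto=udp", "dport=53", "len=512"},
    ],
}


def apriori(sessions, min_support):
    """Return {itemset: support} for all itemsets with support >= min_support."""
    n = len(sessions)
    level = {frozenset([item]) for s in sessions for item in s}
    frequent, k = {}, 1
    while level:
        kept = {}
        for cand in level:
            sup = sum(cand <= s for s in sessions) / n
            if sup >= min_support:
                kept[cand] = sup
        frequent.update(kept)
        k += 1
        # Join frequent (k-1)-itemsets into k-item candidates, then prune any
        # candidate that has an infrequent (k-1)-subset (downward closure).
        joined = {a | b for a in kept for b in kept if len(a | b) == k}
        level = {c for c in joined
                 if all(frozenset(sub) in kept for sub in combinations(c, k - 1))}
    return frequent


def generate_rules(frequent, min_confidence):
    """Rules (antecedent, consequent, support, confidence) where
    confidence = support(itemset) / support(antecedent)."""
    rules = []
    for itemset, sup in frequent.items():
        for r in range(1, len(itemset)):
            for ante in map(frozenset, combinations(itemset, r)):
                conf = sup / frequent[ante]
                if conf >= min_confidence:
                    rules.append((ante, itemset - ante, sup, conf))
    return rules


def signatures_from(sessions, min_support, min_confidence):
    """Turn accepted rules into signatures: the token set of each rule,
    keeping only maximal sets so the most specific pattern is stored."""
    rules = generate_rules(apriori(sessions, min_support), min_confidence)
    patterns = {ante | cons for ante, cons, _, _ in rules}
    return {p for p in patterns if not any(p < q for q in patterns)}


class SignatureDB:
    """Signature database of one IDS. A session raises an alarm when it
    contains every token of at least one stored signature."""

    def __init__(self):
        self.signatures = set()

    def update(self, new_signatures):
        added = set(new_signatures) - self.signatures
        self.signatures |= added
        return len(added)  # number of signatures that were actually new

    def alarm(self, session):
        return any(sig <= session for sig in self.signatures)


def closed_loop(temp_db, cluster_dbs, origin, min_support=0.6, min_confidence=0.9):
    """IDS-Cr of cluster `origin` runs the SGA over every IDS-C temporary
    database and updates its own DB; IDS-M then forwards the signatures to
    the other clusters (the UMA transfer is modelled as a method call)."""
    sessions = [s for node_sessions in temp_db.values() for s in node_sessions]
    new_sigs = signatures_from(sessions, min_support, min_confidence)
    cluster_dbs[origin].update(new_sigs)
    for name, db in cluster_dbs.items():
        if name != origin:
            db.update(new_sigs)
    return new_sigs


if __name__ == "__main__":
    dbs = {name: SignatureDB() for name in ("CC_1", "CC_2", "CC_3")}
    probe = {"proto=tcp", "dport=80", "flags=SYN", "len=0", "ttl=255"}
    print("CC_2 alarm before update:", dbs["CC_2"].alarm(probe))
    for sig in closed_loop(TEMP_DB, dbs, origin="CC_1"):
        print("new signature:", sorted(sig))
    print("CC_2 alarm after update:", dbs["CC_2"].alarm(probe))
```

With this constructed data the only signature produced is the four-token set for empty TCP SYN packets to port 80, which would also match ordinary connection attempts. Support and confidence are computed over attack sessions only, so generated signatures need checking against benign traffic before IDS-M distributes them.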

Finally, these new signatures are used to update the IDS database belonging to this IDS-Cr. After that, IDS-Cr sends these new signatures to IDS-M. IDS-M then uses these new signatures to update the databases of neighboring clusters (e.g., the IDS in CC_2 and CC_3) by means of update mobile agents (UMA), as shown in figure 4. These updates go through the IDS-M to maintain a hierarchical structure in our framework. Our framework thus protects neighboring clusters against the same type of attack. Thus, among the advantages of our approach, other clusters are protected against the same category of attack.

IV. DISCUSSION

Detection of intrusions, malware and vulnerabilities are major security concerns in the Cloud. The existence of vulnerabilities in Cloud computing allows intruders to affect the availability, confidentiality and integrity of cloud resources as well as services. To address this issue, our proposed solution framework (a cooperative Hybrid intrusion detection system in the Cloud) can be used to detect network attacks (known attacks as well as derivatives of known attacks) at the front-end as well as the back-end of the Cloud environment (i.e., IaaS). Cooperation between security components solves the problem of the older, isolated solutions in the cloud. Thanks to the generation of new signatures and the exchange of updates between clusters, our framework is able to acquire new knowledge and detect new kinds of intrusion. Outstanding scalability is another strong point of our framework. When, for example, a VM migrates to a machine outside the organization boundary (for example from Cluster 1 toward Cluster 2), it is still possible to perform intrusion detection, as our IMA can migrate just like VMs, and the same rule applies to the other mobile agents (TMA and UMA). This is a strength of our framework, which gives the IDS and NIDS great scalability and flexibility. The proposed framework could reduce the impact of several types of attacks. The architecture proposed in our work is a mobile-agent-based approach conceived for the execution of a service in the cloud (IaaS). It defines a set of functional modules described in terms of their behavior, interfaces and components (Mobile Agents, Intrusion Detection System, and Signature Generation Algorithm). It then defines how these components interact in order to correctly accomplish all the tasks in the system. Finally, our framework is characterized by the following features: continuous detection of attacks, incrementally deployable security elements, and the ability to dynamically enable / disable / upgrade security elements.

V. CONCLUSION AND FUTURE WORKS

Cloud computing presents many advantages to organizations. However, organizations should carefully understand the security measures provided by the cloud provider for protecting them against attacks. In this paper, we propose an intelligent architecture, which is based on the collaboration of the IDS-C, IDS-Cr, IDS-M and Mobile Agents. As mentioned previously, mobile agents are used in our framework to investigate the VMs, transfer malicious data and exchange updates between different clusters in cloud computing. For the mobile agents to be able to investigate the VMs and ensure communication between hierarchical layers or clusters, they should be granted permission to access the host's resources such as the file system, network interfaces, database, and so on. The challenges mentioned in this paper are the following: the first is intrusion detection in a virtual environment using mobile agents in order to collect malicious data. The second is the generation of new signatures from malicious data. Finally, the dynamic deployment of updates between clusters in cloud computing, using the newest signatures. Further research can be undertaken to improve the work presented. The future directions are: we will continue to deepen the concepts and notions of this architecture and then proceed to its implementation in order to validate it, take into account the adaptability of agents' appearance, use cooperation mechanisms between mobile agents in order to effectively perform the required tasks, and generate response actions (local and remote).

REFERENCES

[1] H. Toumi, A. Eddaoui and M. Talea. "Cooperative Intrusion Detection System Framework Using Mobile Agents for Cloud Computing". Journal of Theoretical and Applied Information Technology, 10th December 2014, Vol. 70 No. 1.
[2] P. Singh Hada, et al. "Security Agents: A Mobile Agent based Trust Model for Cloud Computing". International Journal of Computer Applications (0975 – 8887), Volume 36, No. 12, December 2011.
[3] A. Pandey, et al. "An Approach for Virtual Machine Image Security". International Conference on Signal Propagation and Computer Technology (ICSPCT), 2014.
[4] K. Hashizume, D. G. Rosado, E. Fernandez-Medina, and E. B. Fernandez, "An analysis of security issues for cloud computing," Journal of Internet Services and Applications, 4:5, 2013.
[5] Y. Jadeja, et al. "Cloud Computing - Concepts, Architecture and Challenges". International Conference on Computing, Electronics and Electrical Technologies, 2012.
[6] Jean-Henry Morin, Jocelyn Aubert, Benjamin Gateau. "Towards Cloud Computing SLA Risk Management: Issues and Challenges", 45th Hawaii International Conference on System Sciences, 2012.
[7] Kwang Mong Sim. "Agent-based Cloud Computing". IEEE Transactions on Services Computing, 2011.
[8] Y. Jadeja, et al. "Cloud Computing - Concepts, Architecture and Challenges". International Conference on Computing, Electronics and Electrical Technologies, 2012.
[9] Amin Jula, Elankovan Sundararajan, Zalinda Othman. "Cloud computing service composition: A systematic literature review", Expert Systems with Applications 41 (2014) 3809–3824.
[10] Lei Yu, Chuliang Weng, Minglu Li, and Yuan Luo, SNPdisk: An Efficient Para-Virtualization Snapshot Mechanism for Virtual Disks in Private Clouds, IEEE Network July/August 2011.
[11] Anish Babu S, et al. "System Performance evaluation of Para virtualization, Container virtualization and Full virtualization using Xen, OpenVZ and XenServer". Fourth International Conference on Advances in Computing and Communications. 2014 IEEE.
[12] Miguel G. Xavier, Marcelo V. Neves, Fabio D. Rossi, Tiago C. Ferreto, Timoteo Lange, Cesar A. F. De Rose, Performance Evaluation of Container-based Virtualization for High Performance Computing Environments, 21st Euromicro International Conference on Parallel, Distributed, and Network-Based Processing IEEE 2013.
[13] Michael Terrell, Natarajan Meghanathan, Setting up of a Cloud Cyber Infrastructure using Xen Hypervisor, 10th International Conference on Information Technology: New Generations IEEE 2013.
[14] I. Gul and M. Hussain, "Distributed Cloud Intrusion Detection Model", International Journal of Advanced Science and Technology, vol. 34, pp. 71-82, 2011.
[15] Chirag N. Modi, Dhiren R. Patel, Avi Patel, Muttukrishnan Rajarajan, "Integrating Signature Apriori based Network Intrusion Detection System (NIDS) in Cloud Computing". 2nd International Conference on Communication, Computing & Security (ICCCS-2012), 905 – 912.
[16] Dastjerdi, Amir Vahid, Kamalrulnizam Abu Bakar & Sayed Gholam Hassan Tabatabaei. "Distributed Intrusion Detection in Clouds Using Mobile Agents", In Proceedings of the 2009 Third International Conference on Advanced Engineering Computing and Applications in Sciences. ADVCOMP '09, pp. 175–180, 2009.
[17] Alwesabi Ali, Almutewekel Abdullah & Okba Kazar. "Implementation of Cloud Computing Approach Based on Mobile Agents". International Journal of Computer and Information Technology (ISSN: 2279 – 0764), Volume 02, Issue 06, November 2013.
[18] M. Kazim, R. Masood, M. A. Shibli, and A. G. Abbasi. "Security aspects of virtualization in cloud computing," CISIM 2013 International Conference on Computer Information Systems and Industrial Management Applications, pp. 229-240, 2013.
[19] K. Scarfone, M. Souppaya, and P. Hoffman, Guide to Security for Full Virtualization Technologies. NIST Special Publication 800-125. 2011.
[20] F. Sabahi, "Secure virtualization for cloud environment using hypervisor-based technology." International Journal of Machine Learning and Computing, vol. 2, no. 1, pp. 39-45, 2012.
[21] L. Almutair and S. S. Zaghloul, "New virtualization-based security architecture in a cloud computing environment," In Proceedings of The 3rd International Conference on Digital Information Processing and Communication (ICDIPC), pp. 676-686, 2013.
[22] S. Luo, Z. Lin, X. Chen, Z. Yang, and J. Chen, "Virtualization security for cloud computing service," In Proceedings of the 2011 International Conference on Cloud and Service Computing. IEEE Computer Society, Washington, DC, USA, pp. 174-179, 2011.
[23] Anjali Pandey, Shashank Srivastava. "An Approach for Virtual Machine Image Security". International Conference on Signal Propagation and Computer Technology (ICSPCT), 2014.