Presentation Title

Building Ultra-Secure Private Cloud to Promote Collaborative Research in Security, Privacy, and Digital Forensics

Session Format

Paper Presentation

Research Area Topic:

Computer Science - Computer Security

Abstract

In this research, our goals are: 1) to develop the Georgia Southern Secure Private Cloud (GSSPC) designated for sensitive data processing/storage and security/privacy/forensic research; 2) to design and develop a secure and reliable cloud load balancing and bandwidth shaping algorithm (LBBSA) and a programmable Smart Load Balancer and Bandwidth Shaper (SLBBS) that identifies and forwards sensitive data to GSSPC while passing the rest of the traffic to public cloud services such as the Chameleon cloud; 3) to support potential collaborative research among faculty and researchers in CEIT departments; 4) to support potential collaborative research with surrounding institutions; 5) to support and promote lab-based undergraduate and graduate education in cyber security and digital forensics.

The proposed system consists of Red Hat Linux, OpenStack with KVM (Kernel-based Virtual Machine) and Linux-based open source software and tools are free of cost. OpenStack KVM solution is one of the most popular open source cloud operating options with excellent scalability. In addition to the embedded security features provided by OpenStack, Linux based open source security and forensic software and tools, such as Snort IDS/IPS, The Sleuth Kit (TSK), and RainbowCrack, are all available free of cost.

The hardware of the proposed infrastructure consists of 3 rack servers: 1 controller node, 1 network node, and 1 compute node. The controller node runs the virtual machine Identity and Image services, management portion of Compute, and the dashboard. This server provides service to both GSSPC and SLBBS. The network node runs the networking plug-in and several agents that provision tenant networks and provides switching, routing, Network Address Translation (NAT), and Dynamic Host Configuration Protocol (DHCP) services. This rack server will be configured and modified to function as the SLBBS. The compute node runs the hypervisor that operates tenant virtual machines or instances, using Kernel-based Virtual Machine (KVM) as the hypervisor. The compute node also runs the networking plug-in and an agent that connects tenant networks to instances and provide firewall (security groups) services. These hardware will support the aforementioned software systems for implementing the proposed infrastructure. An LBBSA will be designed and implemented (programmed) to run on top of the hardware and software systems. The proposed interdisciplinary collaborative project targets the intersection of two of the most important research problems in computer and information technology: the cloud and security.

The proposed infrastructure supports collaborative research among faculty and researchers in CEIT, for example finding the security solution for cognitive radio networks utilizing the processing capability and protected storage of GSSPC.

In this research, we evaluate our proposed GSSPC model and present some results obtained from simulations and experiment.

Presentation Type and Release Option

Presentation (Open Access)

Start Date

4-16-2016 4:00 PM

End Date

4-16-2016 5:00 PM

This document is currently not available here.

Share

COinS
 
Apr 16th, 4:00 PM Apr 16th, 5:00 PM

Building Ultra-Secure Private Cloud to Promote Collaborative Research in Security, Privacy, and Digital Forensics

In this research, our goals are: 1) to develop the Georgia Southern Secure Private Cloud (GSSPC) designated for sensitive data processing/storage and security/privacy/forensic research; 2) to design and develop a secure and reliable cloud load balancing and bandwidth shaping algorithm (LBBSA) and a programmable Smart Load Balancer and Bandwidth Shaper (SLBBS) that identifies and forwards sensitive data to GSSPC while passing the rest of the traffic to public cloud services such as the Chameleon cloud; 3) to support potential collaborative research among faculty and researchers in CEIT departments; 4) to support potential collaborative research with surrounding institutions; 5) to support and promote lab-based undergraduate and graduate education in cyber security and digital forensics.

The proposed system consists of Red Hat Linux, OpenStack with KVM (Kernel-based Virtual Machine) and Linux-based open source software and tools are free of cost. OpenStack KVM solution is one of the most popular open source cloud operating options with excellent scalability. In addition to the embedded security features provided by OpenStack, Linux based open source security and forensic software and tools, such as Snort IDS/IPS, The Sleuth Kit (TSK), and RainbowCrack, are all available free of cost.

The hardware of the proposed infrastructure consists of 3 rack servers: 1 controller node, 1 network node, and 1 compute node. The controller node runs the virtual machine Identity and Image services, management portion of Compute, and the dashboard. This server provides service to both GSSPC and SLBBS. The network node runs the networking plug-in and several agents that provision tenant networks and provides switching, routing, Network Address Translation (NAT), and Dynamic Host Configuration Protocol (DHCP) services. This rack server will be configured and modified to function as the SLBBS. The compute node runs the hypervisor that operates tenant virtual machines or instances, using Kernel-based Virtual Machine (KVM) as the hypervisor. The compute node also runs the networking plug-in and an agent that connects tenant networks to instances and provide firewall (security groups) services. These hardware will support the aforementioned software systems for implementing the proposed infrastructure. An LBBSA will be designed and implemented (programmed) to run on top of the hardware and software systems. The proposed interdisciplinary collaborative project targets the intersection of two of the most important research problems in computer and information technology: the cloud and security.

The proposed infrastructure supports collaborative research among faculty and researchers in CEIT, for example finding the security solution for cognitive radio networks utilizing the processing capability and protected storage of GSSPC.

In this research, we evaluate our proposed GSSPC model and present some results obtained from simulations and experiment.