Topic development for Research Projects in
Theses and Dissertations related to Cloud
Computing Security, Cloud-Let Security and
Virtualisation Security Frameworks: By
Sourabh Kishore
Copyright 2011 EPROINDIA. All Rights Reserved
Cloud computing security is a rapidly emerging
research area amidst growing security concerns
among companies that use cloud hosting
services for their critical IT systems. The virtual
closed user group (V-CUG) mode of cloud
computing operation, upon a massive real
infrastructure shared among thousands of
clients, is not yet well understood in the
academic and even in the professional worlds.
There are many unanswered questions because a
direct analogy with self hosted infrastructure
systems is not yet established. Regulators across
the world are facing tough challenges in
allowing the companies to host their critical IT
infrastructures on cloud computing platforms.
Protection of user sessions from threats on
the Internet takes us back to the old era of the
Zone based Firewall security system, in which the
problem was solved by establishing the Public,
Secured and De-Militarised zones. Intrusion
Detection and Prevention systems added further
advantages to the Zone based Security System.
However, cloud computing hosting requires the
user sessions to traverse the Internet. Where,
then, does Zone based Security come into the picture?
If this is the only way to access the cloud hosted
resources, then what is the solution for secured
access to cloud computing resources? Assuming
that IP-VPN tunneling using IKE with IPSec and
3DES/AES encryption is the solution to
protecting Internet exposed user sessions, how
many tunnels will the cloud hosting providers
terminate at their end? Which VPN aggregator
can support millions of tunnels? What will be the
WAN overload? What will be the performance?
Is it really feasible having millions of IP-VPN
tunnels to secure cloud computing clients?
Please keep in mind that this is just one area
of security; the security of server operating
systems, LANs, applications, web services,
platforms, etc. at the cloud hosting end is
still unaddressed. What are service providers
doing to ensure that one client does not get
even accidental access to the data of
another client?

Let us begin with the fundamentals. Cloud
computing infrastructures employ the same IT
components that corporations have been using in
their self hosted infrastructures. However,
clouds are deployed at massive scales with
virtualization as their core technology. The
security threats and vulnerabilities are the same
that the world has been witnessing in self hosted
real and virtual infrastructures. In self hosted
environments, corporations have kept
themselves secured by operating within CUG
(Closed User Group) environments, which are
protected from the external world through
peripheral devices like Zone based Firewalls,
Intrusion Prevention Systems, Network
Admission Control, Anomaly Control,
Antivirus/Antispyware, etc. All users in the
CUG go through an organized authorization
system to achieve privilege levels on the secured
computers, and their activities are logged and
monitored. In a cloud hosted scenario, the CUG
breaks completely. In fact there is no real CUG -
as it becomes virtual. The sessions between users
and servers, that were highly protected on
private IP addresses on CUG LANs, get exposed
to public IP addresses of the Internet. The
security controls are out of the hands of the end
customers, as the service providers own the
clouds. The end user files and data get spread
across multiple physical hosts, with no
identifiers determining the location of a
component of a file/folder and its data. The
service providers, on the other hand, use real
components for the entire cloud and only virtual
components for the end customers. Hence,
personalisation becomes a major problem,
because there is nothing real; everything is just
virtual everywhere - the authentications,
authorizations, accounting, file locations,
database locations, sessions, application
demands, servers, etc. The end users get virtual
screens to manage their so-called personalized
cloudlet on a massive cloud infrastructure.

The challenge is related to going back to the
olden days of security controls, prevalent in real
CUG environments, and implementing them on
the virtual CUG environments. In your study,
you can pick one of the prominent security
challenges - like access control, network control,
de-militarized zones, web services control,
file/folder security controls, etc. In fact, you
should prefer to choose an area that can be
simulated on a network modelling and
simulation platform - like OPNET, Cisco Packet
Tracer, OMNET++, etc. Do not try to address
more than one area in your thesis, because your
study would tend to get generalised. I propose
that you should study the following areas in
your dissertation/thesis project about Cloud
Computing Security:

You may like to study data security services in
Cloud Computing environments. Data Security
services in cloud computing are still a mystery for
the customers although service providers have
implemented all standard technologies that you
can imagine: stateful inspection firewalls,
Intrusion Detection and Prevention devices,
Web services firewalls, Application firewalls,
Spam filters, Antivirus, Anti-Spyware, Gateway
Level File Inspections, etc. But customers are not
able to specifically identify the controls
applicable to their files/folders because they do
not know their physical location (as you
must know, files get distributed into
multiple virtual machines spread across multiple
data centres).

Your topics may comprise these frameworks
combined with actual security controls possible
on cloud hosting through platforms of cloud
service providers. The studies may be carried
out by studying various security attributes by
modelling and simulating them on appropriate
network modelling tools (OPNET, Cisco Packet
Tracer, OMNET++, etc.), or by conducting
surveys and interviews of experienced IT
professionals that are managing cloud hosted
services for their end users. Please contact us at
consulting@etcoindia.co or
consulting@etcoindia.net to discuss your interest
area in cloud computing security. We will help
you to formulate appropriate topics, their
descriptions, and your research aims and
objectives, supported by the most relevant
literature. We have helped many students in
completing their research projects on IT security
and IT governance on cloud computing. There
is no dearth of topics as this is an emerging
field that is actively targeted for academic
research studies. However, it should be kept in
mind that the research studies in this field
should yield firm and actionable outcomes, in
the form of IT security strategies, IT governance
strategies, architectures and designs for the end
users of Cloud Computing Hosting and for the
service providers that are still struggling to
convince the global regulators that cloud
computing security is in no way inferior to
traditional self hosted IT infrastructure security.
The standards and global best practices (listed
above) can definitely add value, although the
implementation plans for cloud hosting end user
companies should evolve from academic
research studies.

Electronic Publishing and Research Organisation India (EPROINDIA) - formerly the
ePublishing and research division of ETCO India