Interoperability
users to access the resources in the cloud.
Interoperability in cloud federation is the
ability of a particular cloud to interact with
others in the network. It is basically involves
the interactive protocols, interfaces that must
be known to all the clouds networks
interacting with each other. As federated
datacenter consists of multiple clouds that
need to exchange information, services and
resources with one another, it is essential to
have particular protocols via which the
resources are been shared in cloud
computing. Mostly Application
Programming Protocols (API’s) are used but
other that Ontologies and broker can also be
used for interoperability.
Standard interfaces approach is prefer over
broker and ontologies as enhancement and
addition of newer resources becomes easier
to implement whereas brokers adds an extra
layer to the existing cloud federation which
might halt the entire working of the
federation if any issues are occurred in the
broker itself. This is also termed as a Single
Point of Failure (SPOF).
Another important aspect of
interoperability is portability which plays an
important role as migration of application
and resources is rapidly increasing in
today’s time in cloud federation .with the
benefits portability also comes with
disadvantage that the security constraints
and local network setting can slow down the
migration between clouds. Also origin and
destination domain of the resources that
needs to be migrated adds to the difficulty of
portability.
Federated Identity management
Identity management looks after the
authentication process required to access the
resources in federated cloud. Identity
management can be done in two ways first is
the Single Sign On (SSO) approach. This is
the simplest method to integrate and enable
From security point of view this approach is
very easy for malicious users to attack and
get hands on confidential information using
login credentials of any genuine user.
Second approach is where the authentication
process is been delegated to third party that
is the identity providers where they
generally implement open authorization
standard protocols like OpenID, Oauth etc.
However just like SSO, Identity Providers
can also be attacked by malicious users as
they are centralized and contents sensitive
information for multi clouds in the
federation.
Such attacks can at times lead to vendor
lock-in and such situations would lead to
additional security cost for the cloud
federation.
Service Management
In cloud computing it is very essential to
some service that keeps track of all the
resources and services are being used or is
been requested to be used in the future.
It becomes also becomes essential to keep
track of all the data that is been shared
between the different federated clouds in the
network.
So service management is the service that
keeps track of the discovery and mapping of
the resources in the federated cloud network.
Security becomes a concern as data
communication at times in cloud federation
can take place outside their particular
domain because of this, security of the data
that is been communicating is been shared in
a trusted/untrusted network such as
internet .so it becomes difficult at times to
keep track of the resources been shared,
though use log files and catalogs to keep
track of the shared resources.
Contract Maintenance
As there are multiple information and
services being shared on the federated cloud
network it becomes essential to maintain a
contract for distinguishing about which
resources can be accessed by other cloud in
the environment.
This contracts acts as internal SLA’s which
helps to stipulate which resource and service
that can be access by other clouds in the
network.
Penalties are been are charge if any cloud
breaches the terms of the contract and also if
multiple breaches occur by any cloud than,
that cloud may be even disassociated from
the federated network.
Resource Monitoring
Due to diversity of components and features
in federation environment it becomes
necessary to keep a watch on what resources
are been used and its status has to be
monitored.
In cloud federation one needs to monitor the
federation as well as the applications
running within the federation.
Proprietary tools such as HP Opeview
,Zabbix and Ganglia ,etc are used ,though
this tools are good for low level intruder
detection .While for high level intruder
detection a more stricter approach can
implemented by creating a compatibility
matrix in the FLA that are supported in the
monitoring system of the federated cloud
For monitoring application in the federated
cloud, service providers offer Monitoring as
a service (MaaS) to its customers.
So the security challenge that comes with
the MaaS Service is that the cloud service
provider can itself keep a track of all the
resources and services that is been used by
its customers and such scenarios can be
avoided by having a agreement with service
provider.
Resource Orchestration
Orchestration of resources in a federated
cloud is essential as it allocates the space
and grants the requested services to the
resources and application demanding for the
same.
The orchestration is done in two ways, first
is from the service providers point of view
where the provider takes into account
various factors such as Quality of services,
price of resources, Geographic dispersion,
and network latency.
And the second way in which the
orchestration is done from the customers or
the organizations using the services in cloud
federation. Here the orchestration is done on
the bases of the interactive services (peer-
peer network) and visuality (vacancy and
transparency) of the data and resources that
been used by the applications running on the
federated network.
Federated cloud Security threats: Multiple
attempts have been made to attack the
security of the federated cloud; the attacks
that have been made on the network layer,
platform layer and application layer.
Following are the attacks made on network
layer of the federated cloud
Eavesdropping attack:
In Eavesdropping attack, the hacker’s entire
into the network layer and masks themselves
as a genuine or legitimate user of the
services that has been offered by the
network and then the hacker tries to modify
or delete the information in the packets
beening transmitted.
Denial of Service (DoS):
In denial of service attack the malicious
user/attacker tries to disrupt the service
provided by the cloud environment by
making it inaccessible to the authorized
users of the services. This can be done in a
number of ways in the virtualized cloud
environment.
Spoofing attack:
In spoofing attack the malicious user takes
control over the device of a legitimate user
on the network and then the hacker/attacker
tries to steal data or even tries to bypass the
network to another network.
Man in the middle attack:
Man-in-the–middle is a kind of
eavesdropping attack where the malicious
user gets in between the sender and receiver
domain, here the hacker not only tries to
capture the information but also modifies the
information and sends it to the receiving
party.
Routing attack:
In routing attack the malicious user tries to
bypass the entire system network onto some
other network. Some of the types of routing
attacks are denial of service and hit and run
attack.
Following are the attacks/threats that are
made on the platform layer of the federated
cloud.
Cloud service Manipulation:
In cloud federation there are multiple
services that are been offered by the cloud
providers. Here the legitimate user of the
system tries to gain special access to the
services that they have not paid for or are
not authorized to use them. They try to
manipulate the system setting and by doing
so they breach the security of the service
providers and suspicious get access to
sensitive information of other cloud users.
Privilege Escalation:
In privilege escalation the user/attackers try
to gain more access to services also at times
the attacker may also get access to high level
systems or application then provide then
their service providers or administrator. In
such type service attack the malicious users
basically tries to exploit the services which
are inaccessible to them.
Security inter –working:
The biggest advantage of cloud is sharing
resources, but at times the advantages too
have their drawbacks, same is the case with
inter-working security, here sharing of
resources with other clouds became a
gateway for the malicious user to get into
other network and retrieve the information
from it.
The threats made on the application layer
are as follows
Application data leakage:
Data leakages are slow and most common
way of data threat; here a malicious user
secretly gets access to the confidential
information from an organization. The user
can attack any sector in the industry and
steal sensitive information and then use it
for their own benefits.
Service logging failure:
Malicious scripts
Malicious scripts are form of attack made to
the system of legitimate users where in the
hacker tries to spy or steal data from the
users system by masking a malicious code
with the actual code for the application the
user is trying to access.
Such kind of attacks happen in the form
executable(.exe) file ,where when the users
runs the application; an unwanted code also
gets executed onto the system which indirect
gives the hackers the access they want on
the system.

Phishing attacks:
Phishing attack is a kind of data leakage
where the users’ clicks on a link that takes
them to a webpage where the malicious user
has set some malicious code that might get
the hacker to get access to your network or
system. This is the most successful way for
a malicious user to get access to the
confidential information.

Inconsistent Software Patches:

The users of any cloud federation makes use
of virtual machines to execute their
applications, but as all the users don’t have
the same system and software as other, one
can easily suspiciously detect a software
patch and can get access to other users
system without any logon credentials and
can get their hands-on on confidential
information.