ACCESS MODEL BASED ON MOBILE AGENTS FOR THE PROTECTION OF CLOUD COMPUTING



This paper addresses the security of information in cloud systems. Several modern protection solutions are presented, and their capabilities are compared in a corresponding table. A model that supports all of the protection options from that table is presented, together with a multiagent system and a method of data access based on a modified five-dimensional Hartson space. An architecture of a wandering mobile agent is also presented.

Keywords: mobile agent, cloud security

Clouds provide three types of resources: a repository of virtual machine images, a set of compute servers on which they can be launched, and an array of data repositories. There are solutions that provide security support for these resources. The following table presents some of these solutions and the security support tasks they cover. Rows present the security support tasks; columns present the solutions.

Table 1 – Security Tasks Coverage

Infrastructure security [1] is security at the various levels of the cloud: the network layer, the host platform layer, and the application level. The table [2,3,4] shows that the described solutions do not provide full coverage of the security support tasks in cloud computing. To solve this problem, these solutions can be integrated into a single model (Fig. 1). All information about resource usage is kept in the monitoring unit. A user has access to the monitoring data only if the data relate to that user. The Privacy Manager secures the interaction between the user and the cloud by supporting encryption and by providing additional capabilities for managing access rights and controlling data. The interaction itself is supported by the cloud system manager. The "Access data" block gives access to the user's data and provides information on their use. Images of virtual machines are stored in a special storage that supports version control. This vault is protected by a system of access control, integrity control and filters. When a guest operating system starts, the virtual machine images are loaded from the storage onto the host platform. The monitoring system works at all times, and all potentially dangerous events are recorded in special journals.

Fig.1 – Generalized model of cloud security

Security is a key problem in cloud computing. The basic solutions for protecting cloud computing and how they work have been presented. It was determined that these products do not provide full protection of private clouds. A single system is proposed that consists of a set of subsystems, each of which is responsible for a separate area of security.

The multiagent protection system is as follows: ${{A}^{s}}=\left\{{{A}_{M}},\left\langle{{A}_{sc}},{{A}_{ssw}},{{A}_{usw}},{{A}_{ac}},{{A}_{net}},{{A}_{db}},{{A}_{dev}}\right\rangle \right\},$ where: ${{A}_{M}}$ – monitoring agent-coordinator; ${{A}_{sc}}$ – agent monitoring system components; ${{A}_{ssw}}$ – agent monitoring system software; ${{A}_{usw}}$ – agent monitoring user software; ${{A}_{ac}}$ – agent monitoring access; ${{A}_{net}}$ – agent monitoring network connections; ${{A}_{db}}$ – agent monitoring the database; ${{A}_{dev}}$ – agent monitoring external devices.

Model of discretionary access. To create a model of discretionary access we use a modified five-dimensional Hartson space [5]. The security area needs to be extended: the final area consists of six sets, with the set of agents I added (Fig. 2):

- Set of users U;

- Set of resources R;

- Set of states S;

- Set of powers A;

- Set of operations E;

- Set of hierarchical agents I.

Fig 2 – Modified Hartson’s space

The security area can then be represented as the Cartesian product:

\[A\times U\times E\times R\times S\times I\]

Users make requests for access to resources. When the system executes a request, it enters a new state. A request is represented as a five-element tuple:

\[q=(u,e,{R}',s,{I}');u\in{U},e\in E,s\in S,{R}'\subseteq R,{I}'\in I.\]
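The request tuple and the six-set security area can be exercised directly. The following is an added example, not code from the paper: the decision rule (a request is granted only when every resource in R' is covered by at least one power, with default deny) is an assumption, and the user, resource, state and agent names in the sample policy are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Power:
    """One power a in A: the block of U x E x R x S x I that it authorises."""
    name: str
    users: frozenset
    ops: frozenset
    resources: frozenset
    states: frozenset
    agents: frozenset

    def covers(self, u, e, r, s, i):
        return (u in self.users and e in self.ops and r in self.resources
                and s in self.states and i in self.agents)

@dataclass(frozen=True)
class Request:
    """q = (u, e, R', s, I') as in the tuple above."""
    u: str
    e: str
    resources: frozenset  # R', a subset of R
    s: str
    agent: str            # I', the agent that received the request

def decide(policy, q):
    """Grant q only if every r in R' is covered by some power (assumed rule)."""
    used, uncovered = set(), set()
    for r in q.resources:
        hits = {a.name for a in policy if a.covers(q.u, q.e, r, q.s, q.agent)}
        used |= hits
        if not hits:
            uncovered.add(r)
    granted = bool(q.resources) and not uncovered  # empty R' is denied by default
    return granted, uncovered, used

fs = frozenset
# Constructed sample policy; all names below are illustrative.
POLICY = [
    Power("a_staff_read", fs({"professor", "graduate"}), fs({"read"}),
          fs({"dataset", "results"}), fs({"normal"}), fs({"A_db"})),
    Power("a_intern_read", fs({"intern"}), fs({"read"}),
          fs({"dataset"}), fs({"normal"}), fs({"A_db"})),
    Power("a_incident_read", fs({"professor"}), fs({"read"}),
          fs({"dataset"}), fs({"incident"}), fs({"A_db"})),
]

if __name__ == "__main__":
    q = Request("intern", "read", fs({"dataset", "results"}), "normal", "A_db")
    print(decide(POLICY, q))
```

The returned set of uncovered resources and the set of powers used are what an access-monitoring agent would write to its journal for each decision.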

Agent architecture. The main components of this architecture are the private cloud users, the cloud agents and the confidentiality manager. There are a number of different categories of users in a distributed computing environment, for example professors, graduate students and interns. They can use the cloud system for secure data transmission, data storage, or running experiments.

An agent can provide secure services. Agents also exchange messages within their hierarchy about changes to user data or the allocation of resources to a user, which makes it possible to allocate resources within the network [6].

Mobile wandering agent. The mobile agent uses a database of information and authority (DBIA) to manage the security of a segment of the distributed computer system (DCS). The DBIA also gives access to the service information of other agents in the hierarchy. The DBIA consists of tables that contain information about the agent and a set of service information about the security and capabilities of the relevant resources in the DCS segment. A monitoring tool is integrated into every agent and is used to control access. This allows more effective planning of resource allocation. Each layer of the agent has several modules that interact with each other to control powers during data transfer.

Fig. 3 – Wandering agent structure

The communication layer performs the communication function and acts as the interface to the external environment. The agent uses the communication module to receive and send official communications or to transfer information to the modules of the communication layer. Decisions about how the agent should act on received messages are made in the coordination layer.

The resource management layer of the agent is designed to control data flows and to distribute and monitor resources.

Data transfer tasks are sent from the coordinating layer to the agent's local manager. These tasks include scheduling information for the data (start time of the transfer, allocation of data channels, IDs, etc.). Part of the flow control system is also responsible for managing the queues of streams that have been scheduled for transfer to locally managed resources. At the time of the transfer, the data are directed to the resource allocation component.

The monitoring manager in the coordination layer compares the data from the activity module with the load plans (start time of the transfer, allocation of data channels, IDs, etc.). An important component of the resource management layer is the module that monitors resources and activities on the node. The resource monitor controls the data flows and resource allocation and collects information about node activity to send to the coordinating layer of the agent.

This paper deals with the protection of private clouds. An analysis of existing security solutions is done. A coverage table is built that illustrates the positive and negative aspects of the existing solutions. The coverage table shows that such solutions do not provide full protection. To solve this problem, a system is presented that consists of subsystems, each of which is responsible for its own part of security. A multiagent system provides adequate protection, and a list of the agents that this system requires is presented. A discretionary access model is proposed to ensure data access. This model is based on a modified five-dimensional Hartson space. The article also considers a mobile agent architecture that is used to test emergency situations.

Bibliography:

  1. Volokyta A.M. The security maintenance model of cloud computing at the infrastructure level / A.M. Volokyta, Vu D.T., I.V. Kokhanevych, A.E. Bidkov // Adaptive systems of automatic control. – 2012. – № 21(41). – p. 123-131.

  2. Wei Jinpeng. Managing Security of Virtual Machine Images in a Cloud Environment / Wei Jinpeng, Zhang Xiaolan, Ammons Glenn, Bala Vasanth, Ning Peng // CCSW'09: Proceedings of the 2009 ACM workshop on Cloud computing security, pages 91-96. November 2009.

  3. Mowbray Miranda. A Client-Based Privacy Manager for Cloud Computing / Mowbray Miranda, Pearson Siani // COMSWARE '09: Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middleware. June 2009.

  4. Lombardi Flavio. Transparent Security for Cloud / Lombardi Flavio, Di Pietro Roberto // SAC'10: Proceedings of the 2010 ACM Symposium on Applied Computing, pages 414-415. March 2010.

  5. Volokita A.N. Hierarchical Security Agents in Distributed Computing Systems / Volokita A.N., Vu Dyk Tkhin // Visnyk NTUU “KPI”. Informatics, operation and computer science. – 2012. – № 55. – p. 117-124.

  6. Tarasov V. B. From multi-agent systems to intelligent organizations: philosophy, psychology, computer science / V. B. Tarasov, 2002.
May 23, 2016